CVE-2016-3166
Published on: 04/12/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:02 PM UTC
Certain versions of Debian Linux from Debian contain the following vulnerability:
CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.
- CVE-2016-3166 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.9 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | HIGH | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | NONE | HIGH | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
oss-security - CVE requests for Drupal core (SA-CORE-2016-001) | www.openwall.com text/html |
![]() |
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001 | Drupal.org | Patch Vendor Advisory www.drupal.org text/html |
![]() |
oss-security - Re: CVE requests for Drupal core (SA-CORE-2016-001) | www.openwall.com text/html |
![]() |
Debian -- Security Information -- DSA-3498-1 drupal7 | www.debian.org Depreciated Link text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Debian | Debian Linux | 7.0 | All | All | All |
Operating System | Debian | Debian Linux | 8.0 | All | All | All |
Operating System | Debian | Debian Linux | 7.0 | All | All | All |
Operating System | Debian | Debian Linux | 8.0 | All | All | All |
Application | Drupal | Drupal | 6.0 | All | All | All |
Application | Drupal | Drupal | 6.0 | beta1 | All | All |
Application | Drupal | Drupal | 6.0 | beta2 | All | All |
Application | Drupal | Drupal | 6.0 | beta3 | All | All |
Application | Drupal | Drupal | 6.0 | beta4 | All | All |
Application | Drupal | Drupal | 6.0 | dev | All | All |
Application | Drupal | Drupal | 6.0 | rc1 | All | All |
Application | Drupal | Drupal | 6.0 | rc2 | All | All |
Application | Drupal | Drupal | 6.0 | rc3 | All | All |
Application | Drupal | Drupal | 6.0 | rc4 | All | All |
Application | Drupal | Drupal | 6.1 | All | All | All |
Application | Drupal | Drupal | 6.10 | All | All | All |
Application | Drupal | Drupal | 6.11 | All | All | All |
Application | Drupal | Drupal | 6.12 | All | All | All |
Application | Drupal | Drupal | 6.13 | All | All | All |
Application | Drupal | Drupal | 6.14 | All | All | All |
Application | Drupal | Drupal | 6.15 | All | All | All |
Application | Drupal | Drupal | 6.16 | All | All | All |
Application | Drupal | Drupal | 6.17 | All | All | All |
Application | Drupal | Drupal | 6.18 | All | All | All |
Application | Drupal | Drupal | 6.19 | All | All | All |
Application | Drupal | Drupal | 6.2 | All | All | All |
Application | Drupal | Drupal | 6.20 | All | All | All |
Application | Drupal | Drupal | 6.21 | All | All | All |
Application | Drupal | Drupal | 6.22 | All | All | All |
Application | Drupal | Drupal | 6.23 | All | All | All |
Application | Drupal | Drupal | 6.24 | All | All | All |
Application | Drupal | Drupal | 6.25 | All | All | All |
Application | Drupal | Drupal | 6.26 | All | All | All |
Application | Drupal | Drupal | 6.27 | All | All | All |
Application | Drupal | Drupal | 6.28 | All | All | All |
Application | Drupal | Drupal | 6.29 | All | All | All |
Application | Drupal | Drupal | 6.3 | All | All | All |
Application | Drupal | Drupal | 6.30 | All | All | All |
Application | Drupal | Drupal | 6.31 | All | All | All |
Application | Drupal | Drupal | 6.32 | All | All | All |
Application | Drupal | Drupal | 6.33 | All | All | All |
Application | Drupal | Drupal | 6.34 | All | All | All |
Application | Drupal | Drupal | 6.35 | All | All | All |
Application | Drupal | Drupal | 6.36 | All | All | All |
Application | Drupal | Drupal | 6.37 | All | All | All |
Application | Drupal | Drupal | 6.4 | All | All | All |
Application | Drupal | Drupal | 6.5 | All | All | All |
Application | Drupal | Drupal | 6.6 | All | All | All |
Application | Drupal | Drupal | 6.7 | All | All | All |
Application | Drupal | Drupal | 6.8 | All | All | All |
Application | Drupal | Drupal | 6.9 | All | All | All |
Application | Drupal | Drupal | 6.0 | All | All | All |
Application | Drupal | Drupal | 6.0 | beta1 | All | All |
Application | Drupal | Drupal | 6.0 | beta2 | All | All |
Application | Drupal | Drupal | 6.0 | beta3 | All | All |
Application | Drupal | Drupal | 6.0 | beta4 | All | All |
Application | Drupal | Drupal | 6.0 | dev | All | All |
Application | Drupal | Drupal | 6.0 | rc1 | All | All |
Application | Drupal | Drupal | 6.0 | rc2 | All | All |
Application | Drupal | Drupal | 6.0 | rc3 | All | All |
Application | Drupal | Drupal | 6.0 | rc4 | All | All |
Application | Drupal | Drupal | 6.1 | All | All | All |
Application | Drupal | Drupal | 6.10 | All | All | All |
Application | Drupal | Drupal | 6.11 | All | All | All |
Application | Drupal | Drupal | 6.12 | All | All | All |
Application | Drupal | Drupal | 6.13 | All | All | All |
Application | Drupal | Drupal | 6.14 | All | All | All |
Application | Drupal | Drupal | 6.15 | All | All | All |
Application | Drupal | Drupal | 6.16 | All | All | All |
Application | Drupal | Drupal | 6.17 | All | All | All |
Application | Drupal | Drupal | 6.18 | All | All | All |
Application | Drupal | Drupal | 6.19 | All | All | All |
Application | Drupal | Drupal | 6.2 | All | All | All |
Application | Drupal | Drupal | 6.20 | All | All | All |
Application | Drupal | Drupal | 6.21 | All | All | All |
Application | Drupal | Drupal | 6.22 | All | All | All |
Application | Drupal | Drupal | 6.23 | All | All | All |
Application | Drupal | Drupal | 6.24 | All | All | All |
Application | Drupal | Drupal | 6.25 | All | All | All |
Application | Drupal | Drupal | 6.26 | All | All | All |
Application | Drupal | Drupal | 6.27 | All | All | All |
Application | Drupal | Drupal | 6.28 | All | All | All |
Application | Drupal | Drupal | 6.29 | All | All | All |
Application | Drupal | Drupal | 6.3 | All | All | All |
Application | Drupal | Drupal | 6.30 | All | All | All |
Application | Drupal | Drupal | 6.31 | All | All | All |
Application | Drupal | Drupal | 6.32 | All | All | All |
Application | Drupal | Drupal | 6.33 | All | All | All |
Application | Drupal | Drupal | 6.34 | All | All | All |
Application | Drupal | Drupal | 6.35 | All | All | All |
Application | Drupal | Drupal | 6.36 | All | All | All |
Application | Drupal | Drupal | 6.37 | All | All | All |
Application | Drupal | Drupal | 6.4 | All | All | All |
Application | Drupal | Drupal | 6.5 | All | All | All |
Application | Drupal | Drupal | 6.6 | All | All | All |
Application | Drupal | Drupal | 6.7 | All | All | All |
Application | Drupal | Drupal | 6.8 | All | All | All |
Application | Drupal | Drupal | 6.9 | All | All | All |
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*:
- cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE