CVE-2016-0400 - HTTP Response Splitting vulnerability in IBM WebSphere eXtreme Scale

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, ibm, exploit available

Summary

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') (https://cwe.mitre.org/data/definitions/93.html)

Exploit-Db

description: Windows 7 SP1 x86 - Privilege Escalation (MS16-014). CVE-2016-0400. Local exploit for win32 platform
file: exploits/windows_x86/local/40039.cpp
id: EDB-ID:40039
last seen: 2016-06-29
modified: 2016-06-29
platform: windows_x86
port:
published: 2016-06-29
reporter: blomster81
source: https://www.exploit-db.com/download/40039/
title: Windows 7 SP1 x86 - Privilege Escalation MS16-014
type: local

Packetstorm

data source: https://packetstormsecurity.com/files/download/137721/win7sp1-escalate.txt
id: PACKETSTORM:137721
last seen: 2016-12-05
published: 2016-06-30
reporter: blomster81
source: https://packetstormsecurity.com/files/137721/Windows-7-SP1-x86-Privilege-Escalation.html
title: Windows 7 SP1 x86 Privilege Escalation