CVE-2016-8024

moderate-risk
Published 2017-03-14

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.

Do I need to act?

~
9.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
40911
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Mcafee

References (8)

http://www.securityfocus.com/bid/94823
http://www.securitytracker.com/id/1037433
Vendor Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10181
https://www.exploit-db.com/exploits/40911/
http://www.securityfocus.com/bid/94823
http://www.securitytracker.com/id/1037433
Vendor Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10181
https://www.exploit-db.com/exploits/40911/
46
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 17/34 · Moderate
Exposure 5/34 · Minimal