Vulnerability Database

308,485

Total vulnerabilities in the database

CVE-2016-1155

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.

  • Published: Apr 13, 2017
  • Updated: Nov 9, 2025
  • CVE: CVE-2016-1155
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
google / android 2.2.3 2.2.3.x
google / android 3.2.6 3.2.6.x
google / android 5.1.0 5.1.0.x
google / android 4.2 4.2.x
google / android 4.1 4.1.x
google / android 3.2.4 3.2.4.x
google / android 5.0.2 5.0.2.x
google / android 6.0 6.0.x
google / android 3.2 3.2.x
google / android 3.2.2 3.2.2.x
google / android 4.0.2 4.0.2.x
google / android 2.3-rev1 2.3-rev1.x
google / android 4.4.3 4.4.3.x
google / android 2.3.6 2.3.6.x
google / android 4.0.4 4.0.4.x
google / android 4.3 4.3.x
google / android 4.0.1 4.0.1.x
google / android 2.3.3 2.3.3.x
google / android 4.4.4 4.4.4.x
google / android 3.0 3.0.x
google / android 4.2.1 4.2.1.x
google / android 2.3.1 2.3.1.x
google / android 2.3.5 2.3.5.x
google / android 5.0.1 5.0.1.x
google / android 3.1 3.1.x
google / android 5.0 5.0.x
google / android 4.0.3 4.0.3.x
google / android 2.2.1 2.2.1.x
google / android 2.2.2 2.2.2.x
google / android 2.2 2.2.x
google / android 2.3.4 2.3.4.x
google / android 4.0 4.0.x
google / android 4.4 4.4.x
google / android 4.4.1 4.4.1.x
google / android 2.3.7 2.3.7.x
google / android 2.2-rev1 2.2-rev1.x
google / android 5.1.1 5.1.1.x
google / android 4.2.2 4.2.2.x
google / android 2.3.2 2.3.2.x
google / android 4.3.1 4.3.1.x
google / android 3.2.1 3.2.1.x
google / android 4.4.2 4.4.2.x
google / android 2.3 2.3.x
google / android 5.1 5.1.x
google / android 4.1.2 4.1.2.x