Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2016-3166

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

  • Published: Apr 12, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-3166
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.9
  • AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Software From Fixed in
debian / debian_linux 8.0 8.0.x
debian / debian_linux 7.0 7.0.x
drupal / drupal 6.0-beta2 6.0-beta2.x
drupal / drupal 6.33 6.33.x
drupal / drupal 6.0-rc2 6.0-rc2.x
drupal / drupal 6.2 6.2.x
drupal / drupal 6.14 6.14.x
drupal / drupal 6.24 6.24.x
drupal / drupal 6.13 6.13.x
drupal / drupal 6.0-dev 6.0-dev.x
drupal / drupal 6.25 6.25.x
drupal / drupal 6.18 6.18.x
drupal / drupal 6.0-beta4 6.0-beta4.x
drupal / drupal 6.12 6.12.x
drupal / drupal 6.32 6.32.x
drupal / drupal 6.0-rc3 6.0-rc3.x
drupal / drupal 6.0-rc4 6.0-rc4.x
drupal / drupal 6.4 6.4.x
drupal / drupal 6.11 6.11.x
drupal / drupal 6.0-beta1 6.0-beta1.x
drupal / drupal 6.36 6.36.x
drupal / drupal 6.35 6.35.x
drupal / drupal 6.26 6.26.x
drupal / drupal 6.30 6.30.x
drupal / drupal 6.7 6.7.x
drupal / drupal 6.22 6.22.x
drupal / drupal 6.8 6.8.x
drupal / drupal 6.27 6.27.x
drupal / drupal 6.19 6.19.x
drupal / drupal 6.1 6.1.x
drupal / drupal 6.28 6.28.x
drupal / drupal 6.21 6.21.x
drupal / drupal 6.17 6.17.x
drupal / drupal 6.5 6.5.x
drupal / drupal 6.31 6.31.x
drupal / drupal 6.10 6.10.x
drupal / drupal 6.23 6.23.x
drupal / drupal 6.6 6.6.x
drupal / drupal 6.0 6.0.x
drupal / drupal 6.15 6.15.x
drupal / drupal 6.0-beta3 6.0-beta3.x
drupal / drupal 6.16 6.16.x
drupal / drupal 6.34 6.34.x
drupal / drupal 6.3 6.3.x
drupal / drupal 6.0-rc1 6.0-rc1.x
drupal / drupal 6.29 6.29.x
drupal / drupal 6.37 6.37.x
drupal / drupal 6.20 6.20.x
drupal / drupal 6.9 6.9.x