CVE-2016-3118

{"id": "CVE-2016-3118", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2016-04-06T01:59:28.840", "references": [{"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160405-01-security-notice-for-ca-api-gateway.aspx", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160405-01-security-notice-for-ca-api-gateway.aspx", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en CA API Gateway (anteriormente Layer7 API Gateway) 7.1 en versiones anteriores a 7.1.04, 8.0 hasta la versi\u00f3n 8.3 en versiones anteriores a 8.3.01 y 8.4 en versiones anteriores a 8.4.01 permite a atacantes remotos causar un impacto no especificado a trav\u00e9s de vectores desconocidos."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:api_gateway:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D1A83AF-E209-4242-82A9-334D7A5859AC"}, {"criteria": "cpe:2.3:a:broadcom:api_gateway:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85A4F8B6-6299-4E98-B643-4BFBAC81C2C1"}, {"criteria": "cpe:2.3:a:broadcom:api_gateway:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05AA0421-CB13-403C-BF9F-F423F47761C4"}, {"criteria": "cpe:2.3:a:broadcom:api_gateway:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "371FD974-2C83-4639-B517-4C1F47AD5F57"}, {"criteria": "cpe:2.3:a:broadcom:api_gateway:8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82E2C040-0EDF-48DE-997D-1E069AA82002"}, {"criteria": "cpe:2.3:a:broadcom:api_gateway:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2559E997-8C81-4CF8-A0A1-36D40E775BD8"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/93.html\">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>", "sourceIdentifier": "cve@mitre.org"}