CVE-2016-3118 - OpenCVE

CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Api Gateway

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:api_gateway:7.1:::::::*
	cpe:2.3:a:broadcom:api_gateway:8.0:::::::*
	cpe:2.3:a:broadcom:api_gateway:8.1:::::::*
	cpe:2.3:a:broadcom:api_gateway:8.2:::::::*
	cpe:2.3:a:broadcom:api_gateway:8.3:::::::*
	cpe:2.3:a:broadcom:api_gateway:8.4:::::::*

References

Link	Resource
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160405-01-security-notice-for-ca-api-gateway.aspx	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-06T01:00:00

Updated: 2016-04-06T00:57:01

Reserved: 2016-03-11T00:00:00

Link: CVE-2016-3118

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-04-06T01:59:28.840

Modified: 2021-04-07T17:55:26.013

Link: CVE-2016-3118

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-04-06T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160405-01-security-notice-for-ca-api-gateway.aspx"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3118", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160405-01-security-notice-for-ca-api-gateway.aspx", "refsource": "CONFIRM", "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160405-01-security-notice-for-ca-api-gateway.aspx"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3118", "datePublished": "2016-04-06T01:00:00", "dateReserved": "2016-03-11T00:00:00", "dateUpdated": "2016-04-06T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:api_gateway:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D1A83AF-E209-4242-82A9-334D7A5859AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:api_gateway:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "85A4F8B6-6299-4E98-B643-4BFBAC81C2C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:api_gateway:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "05AA0421-CB13-403C-BF9F-F423F47761C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:api_gateway:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "371FD974-2C83-4639-B517-4C1F47AD5F57", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:api_gateway:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "82E2C040-0EDF-48DE-997D-1E069AA82002", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:api_gateway:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2559E997-8C81-4CF8-A0A1-36D40E775BD8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en CA API Gateway (anteriormente Layer7 API Gateway) 7.1 en versiones anteriores a 7.1.04, 8.0 hasta la versi\u00f3n 8.3 en versiones anteriores a 8.3.01 y 8.4 en versiones anteriores a 8.4.01 permite a atacantes remotos causar un impacto no especificado a trav\u00e9s de vectores desconocidos."}], "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/93.html\">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>", "id": "CVE-2016-3118", "lastModified": "2021-04-07T17:55:26.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-06T01:59:28.840", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160405-01-security-notice-for-ca-api-gateway.aspx"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}