What is the severity of CVE-2016-1155?

CVE-2016-1155 is classified as a high severity vulnerability due to its potential for remote exploitation.

How do I fix CVE-2016-1155?

The recommended fix for CVE-2016-1155 is to update to a patched version of the Android OS that addresses the HTTP header injection vulnerability.

What versions of Android are affected by CVE-2016-1155?

CVE-2016-1155 affects Android OS versions from 2.2 to 6.0.

What impact does CVE-2016-1155 have on affected devices?

CVE-2016-1155 can allow attackers to execute arbitrary scripts or set malicious values in cookies on affected devices.

Can CVE-2016-1155 be exploited without user interaction?

Yes, CVE-2016-1155 can be exploited remotely without requiring user interaction, making it particularly dangerous.

Vulnerability/
CVE-2016-1155

critical

9.8

CWE

13/4/2017

5/8/2024

CVE-2016-1155

First published: Thu Apr 13 2017(Updated: )

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
Android	=2.2
Android	=2.2-rev1
Android	=2.2.1
Android	=2.2.2
Android	=2.2.3
Android	=2.3
Android	=2.3-rev1
Android	=2.3.1
Android	=2.3.2
Android	=2.3.3
Android	=2.3.4
Android	=2.3.5
Android	=2.3.6
Android	=2.3.7
Android	=3.0
Android	=3.1
Android	=3.2
Android	=3.2.1
Android	=3.2.2
Android	=3.2.4
Android	=3.2.6
Android	=4.0
Android	=4.0.1
Android	=4.0.2
Android	=4.0.3
Android	=4.0.4
Android	=4.1
Android	=4.1.2
Android	=4.2
Android	=4.2.1
Android	=4.2.2
Android	=4.3
Android	=4.3.1
Android	=4.4
Android	=4.4.1
Android	=4.4.2
Android	=4.4.3
Android	=4.4.4
Android	=5.0
Android	=5.0.1
Android	=5.0.2
Android	=5.1
Android	=5.1.0
Android	=5.1.1
Android	=6.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-1155?
CVE-2016-1155 is classified as a high severity vulnerability due to its potential for remote exploitation.
How do I fix CVE-2016-1155?
The recommended fix for CVE-2016-1155 is to update to a patched version of the Android OS that addresses the HTTP header injection vulnerability.
What versions of Android are affected by CVE-2016-1155?
CVE-2016-1155 affects Android OS versions from 2.2 to 6.0.
What impact does CVE-2016-1155 have on affected devices?
CVE-2016-1155 can allow attackers to execute arbitrary scripts or set malicious values in cookies on affected devices.
Can CVE-2016-1155 be exploited without user interaction?
Yes, CVE-2016-1155 can be exploited remotely without requiring user interaction, making it particularly dangerous.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/references
agent/severity
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/google
canonical/android
version/android/2.2
version/android/2.2-rev1
version/android/2.2.1
version/android/2.2.2
version/android/2.2.3
version/android/2.3
version/android/2.3-rev1
version/android/2.3.1
version/android/2.3.2
version/android/2.3.3
version/android/2.3.4
version/android/2.3.5
version/android/2.3.6
version/android/2.3.7
version/android/3.0
version/android/3.1
version/android/3.2
version/android/3.2.1
version/android/3.2.2
version/android/3.2.4
version/android/3.2.6
version/android/4.0
version/android/4.0.1
version/android/4.0.2
version/android/4.0.3
version/android/4.0.4
version/android/4.1
version/android/4.1.2
version/android/4.2
version/android/4.2.1
version/android/4.2.2
version/android/4.3
version/android/4.3.1
version/android/4.4
version/android/4.4.1
version/android/4.4.2
version/android/4.4.3
version/android/4.4.4
version/android/5.0
version/android/5.0.1
version/android/5.0.2
version/android/5.1
version/android/5.1.0
version/android/5.1.1
version/android/6.0