CVE-2016-8024
First published: Tue Mar 14 2017(Updated: )
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee VirusScan Enterprise | <=2.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-8024?
CVE-2016-8024 is classified as a medium severity vulnerability.
How do I fix CVE-2016-8024?
To mitigate CVE-2016-8024, upgrade Intel Security VirusScan Enterprise Linux to version 2.0.4 or later.
What type of vulnerability is CVE-2016-8024?
CVE-2016-8024 is an HTTP response header injection vulnerability.
Who is affected by CVE-2016-8024?
CVE-2016-8024 affects users of Intel Security VirusScan Enterprise Linux version 2.0.3 and earlier.
What could an attacker do with CVE-2016-8024?
An attacker could exploit CVE-2016-8024 to spoof server responses and potentially gain access to sensitive information.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mcafee
- canonical/mcafee virusscan enterprise
- version/mcafee virusscan enterprise/2.0.3