CVE-2016-2216 in Xcodeinfo

Summary

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

02/03/2016

Disclosure

04/07/2016

Moderation

VulDB entry created

Entries

2: VDB-93153

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

7.5

EPSS

0.01835

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-2216
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-2216
CVE Details	https://www.cvedetails.com/cve/CVE-2016-2216/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!