CVE-2016-5331

CVE Database · CVE-2016-5331

CVE-2016-5331

· N/AModified

CVSS v3.1

N/A

EPSS

1.91%

Published

Aug 7, 2016

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Weaknesses (CWE)

CWE-93

Affected Products (2)

vmware · vcenter_servervulnerable

vmware · esxivulnerable

References (16)

http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html

http://seclists.org/fulldisclosure/2016/Aug/38

http://www.securityfocus.com/archive/1/539128/100/0/threaded

http://www.securityfocus.com/bid/92324

http://www.securitytracker.com/id/1036543

http://www.securitytracker.com/id/1036544

http://www.securitytracker.com/id/1036545

http://www.vmware.com/security/advisories/VMSA-2016-0010.html

MitigationPatchVendor Advisory

http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html

KEV Catalog EPSS Scores Vendors All CVEs