CVE-2016-3118
medium
CVSS v3: 6.5
CVSS v2: 6.4
VIR risk: 6.5
Description
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.
Predictions
Exploit likelihood: 75%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160405-01-security-notice-for-ca-api-gateway.aspx
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| broadcom | api_gateway | 7.1 | |
| broadcom | api_gateway | 8.0 | |
| broadcom | api_gateway | 8.1 | |
| broadcom | api_gateway | 8.2 | |
| broadcom | api_gateway | 8.3 | |
| broadcom | api_gateway | 8.4 | |
References
- http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160405-01-security-notice-for-ca-api-gateway.aspx