Home > Vulnerability Database > CVE-2016-0789

Mend.io Vulnerability Database

CVE-2016-0789

Good to know:

Date: April 7, 2016

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Language: Java

Severity Score

5.0

Related Resources (5)

Url: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24

Url: https://access.redhat.com/errata/RHSA-2016:0711

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-0789

Url: http://rhn.redhat.com/errata/RHSA-2016-1773.html

Url: https://www.mend.io/vulnerability-database/CVE-2016-0789

Severity Score

5.0

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version Jenkins - 1.650;LTS - 1.642.2

Learn More

CVSS v3

Base Score:	5.0
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL

CVSS v2

Base Score:	3.7
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-0789

Good to know:

Date: April 7, 2016

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?