ID

VAR-201609-0584


CVE

CVE-2016-6839


TITLE

CRLF Injection Vulnerability in Huawei FusionAccess

Trust: 0.8

sources: JVNDB: JVNDB-2016-004562

DESCRIPTION

CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. A CRLF injection vulnerability exists in Huawei FusionAccess (CWE-113: http://cwe.mitre.org/data/definitions/113.html). A third party may insert arbitrary HTTP headers and carry out an HTTP response splitting attack. Huawei FusionAccess is prone to an HTTP header-injection vulnerability because it fails to sufficiently sanitize user input. An attacker can exploit this issue to inject arbitrary HTTP headers into a server response, which could help to bypass security controls, perform cache poisoning, and alter the request or response page. This may aid in further attacks. Huawei FusionAccess is the desktop management system of the FusionCloud desktop cloud solution developed by Huawei of China. The system can distribute, maintain and reclaim virtual desktops for users through a graphical Portal interface.

Trust: 1.98

sources: NVD: CVE-2016-6839 // JVNDB: JVNDB-2016-004562 // BID: 92502 // VULHUB: VHN-95659

AFFECTED PRODUCTS

vendor: huawei, model: fusionaccess, scope: eq, version: v100r005c20

Trust: 1.6

vendor: huawei, model: fusionaccess, scope: eq, version: v100r005c10

Trust: 1.6

vendor: huawei, model: fusionaccess, scope: eq, version: v100r005c30

Trust: 1.6

vendor: huawei, model: fusionaccess, scope: lt, version: v100r006c00

Trust: 0.8

vendor: huawei, model: fusionaccess v100r005c30, scope: -, version: -

Trust: 0.3

vendor: huawei, model: fusionaccess v100r005c20, scope: -, version: -

Trust: 0.3

vendor: huawei, model: fusionaccess v100r005c10, scope: -, version: -

Trust: 0.3

vendor: huawei, model: fusionaccess v100r006c00, scope: ne, version: -

Trust: 0.3

sources: BID: 92502 // JVNDB: JVNDB-2016-004562 // CNNVD: CNNVD-201608-382 // NVD: CVE-2016-6839

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6839
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6839
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201608-382
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95659
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6839
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95659
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6839
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95659 // JVNDB: JVNDB-2016-004562 // CNNVD: CNNVD-201608-382 // NVD: CVE-2016-6839

PROBLEMTYPE DATA

problemtype:CWE-113

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-95659 // JVNDB: JVNDB-2016-004562 // NVD: CVE-2016-6839

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-382

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201608-382

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004562

PATCH

title: huawei-sa-20160817-01-fusionaccess
url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en

Trust: 0.8

sources: JVNDB: JVNDB-2016-004562

EXTERNAL IDS

db: NVD, id: CVE-2016-6839

Trust: 2.8

db: BID, id: 92502

Trust: 2.0

db: JVNDB, id: JVNDB-2016-004562

Trust: 0.8

db: CNNVD, id: CNNVD-201608-382

Trust: 0.7

db: VULHUB, id: VHN-95659

Trust: 0.1

sources: VULHUB: VHN-95659 // BID: 92502 // JVNDB: JVNDB-2016-004562 // CNNVD: CNNVD-201608-382 // NVD: CVE-2016-6839

REFERENCES

url:http://www.securityfocus.com/bid/92502

Trust: 1.7

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6839

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6839

Trust: 0.8

url:http://www.huawei.com/

Trust: 0.3

url:http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160817-01-fusionaccess-en

Trust: 0.3

sources: VULHUB: VHN-95659 // BID: 92502 // JVNDB: JVNDB-2016-004562 // CNNVD: CNNVD-201608-382 // NVD: CVE-2016-6839

CREDITS

Huawei

Trust: 0.9

sources: BID: 92502 // CNNVD: CNNVD-201608-382

SOURCES

db: VULHUB, id: VHN-95659
db: BID, id: 92502
db: JVNDB, id: JVNDB-2016-004562
db: CNNVD, id: CNNVD-201608-382
db: NVD, id: CVE-2016-6839

LAST UPDATE DATE

2025-04-13T23:41:16.973000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95659, date: 2016-09-08T00:00:00
db: BID, id: 92502, date: 2016-08-31T19:00:00
db: JVNDB, id: JVNDB-2016-004562, date: 2016-09-09T00:00:00
db: CNNVD, id: CNNVD-201608-382, date: 2016-09-08T00:00:00
db: NVD, id: CVE-2016-6839, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95659, date: 2016-09-07T00:00:00
db: BID, id: 92502, date: 2016-08-17T00:00:00
db: JVNDB, id: JVNDB-2016-004562, date: 2016-09-09T00:00:00
db: CNNVD, id: CNNVD-201608-382, date: 2016-08-19T00:00:00
db: NVD, id: CVE-2016-6839, date: 2016-09-07T19:28:16.910