VAR-201609-0584
Vulnerability from variot - Updated: 2025-04-13 23:41CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Huawei FusionAccess Is CRLF An injection vulnerability exists. http://cwe.mitre.org/data/definitions/113.htmlBy any third party HTTP Inserted header, HTTP There is a possibility of executing a response split attack. Huawei FusionAccess is prone to an HTTP header-injection vulnerability because it fails to sufficiently sanitize user input. An attacker can exploit this issue to inject arbitrary HTTP headers into a server response that could help to bypass security controls, perform cache poisoning and alter request or response page. This may aid in further attacks. Huawei FusionAccess is a desktop management system of Huawei's FusionCloud desktop cloud solution developed by China's Huawei (Huawei). The system can distribute, maintain and reclaim virtual desktops for users through a graphical Portal interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0584",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r005c20"
},
{
"model": "fusionaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r005c10"
},
{
"model": "fusionaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r005c30"
},
{
"model": "fusionaccess",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v100r006c00"
},
{
"model": "fusionaccess v100r005c30",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r005c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r005c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r006c00",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "92502"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:fusionaccess",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei",
"sources": [
{
"db": "BID",
"id": "92502"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6839",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-6839",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-95659",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-6839",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6839",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-6839",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-382",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95659",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95659"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Huawei FusionAccess Is CRLF An injection vulnerability exists. http://cwe.mitre.org/data/definitions/113.htmlBy any third party HTTP Inserted header, HTTP There is a possibility of executing a response split attack. Huawei FusionAccess is prone to an HTTP header-injection vulnerability because it fails to sufficiently sanitize user input. \nAn attacker can exploit this issue to inject arbitrary HTTP headers into a server response that could help to bypass security controls, perform cache poisoning and alter request or response page. This may aid in further attacks. Huawei FusionAccess is a desktop management system of Huawei\u0027s FusionCloud desktop cloud solution developed by China\u0027s Huawei (Huawei). The system can distribute, maintain and reclaim virtual desktops for users through a graphical Portal interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6839"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "BID",
"id": "92502"
},
{
"db": "VULHUB",
"id": "VHN-95659"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6839",
"trust": 2.8
},
{
"db": "BID",
"id": "92502",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-95659",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95659"
},
{
"db": "BID",
"id": "92502"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"id": "VAR-201609-0584",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95659"
}
],
"trust": 0.33611111000000005
},
"last_update_date": "2025-04-13T23:41:16.973000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160817-01-fusionaccess",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-113",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95659"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92502"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6839"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6839"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160817-01-fusionaccess-en"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95659"
},
{
"db": "BID",
"id": "92502"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95659"
},
{
"db": "BID",
"id": "92502"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-95659"
},
{
"date": "2016-08-17T00:00:00",
"db": "BID",
"id": "92502"
},
{
"date": "2016-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"date": "2016-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"date": "2016-09-07T19:28:16.910000",
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-95659"
},
{
"date": "2016-08-31T19:00:00",
"db": "BID",
"id": "92502"
},
{
"date": "2016-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"date": "2016-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionAccess In CRLF Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…