CVE-2016-3166
- Source
- https://cve.org/CVERecord?id=CVE-2016-3166
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3166.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-3166
- Aliases
- Published
- 2016-04-12T15:59:04.027Z
- Modified
- 2026-04-10T03:49:28.474132Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
CRLF injection vulnerability in the drupalsetheader function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.
- References
Affected packages
Git / github.com/drupal/drupal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/drupal/drupal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "6.0-dev" }, { "introduced": "0" }, { "last_affected": "6.1" }, { "introduced": "0" }, { "last_affected": "6.2" }, { "introduced": "0" }, { "last_affected": "6.3" }, { "introduced": "0" }, { "last_affected": "6.4" }, { "introduced": "0" }, { "last_affected": "6.5" }, { "introduced": "0" }, { "last_affected": "6.6" }, { "introduced": "0" }, { "last_affected": "6.7" }, { "introduced": "0" }, { "last_affected": "6.8" }, { "introduced": "0" }, { "last_affected": "6.9" }, { "introduced": "0" }, { "last_affected": "6.10" }, { "introduced": "0" }, { "last_affected": "6.11" }, { "introduced": "0" }, { "last_affected": "6.12" }, { "introduced": "0" }, { "last_affected": "6.13" }, { "introduced": "0" }, { "last_affected": "6.14" }, { "introduced": "0" }, { "last_affected": "6.15" }, { "introduced": "0" }, { "last_affected": "6.16" }, { "introduced": "0" }, { "last_affected": "6.17" }, { "introduced": "0" }, { "last_affected": "6.18" }, { "introduced": "0" }, { "last_affected": "6.19" }, { "introduced": "0" }, { "last_affected": "6.20" }, { "introduced": "0" }, { "last_affected": "6.21" }, { "introduced": "0" }, { "last_affected": "6.22" }, { "introduced": "0" }, { "last_affected": "6.23" }, { "introduced": "0" }, { "last_affected": "6.24" }, { "introduced": "0" }, { "last_affected": "6.25" }, { "introduced": "0" }, { "last_affected": "6.26" }, { "introduced": "0" }, { "last_affected": "6.27" }, { "introduced": "0" }, { "last_affected": "6.28" }, { "introduced": "0" }, { "last_affected": "6.29" }, { "introduced": "0" }, { "last_affected": "6.30" }, { "introduced": "0" }, { "last_affected": "6.31" }, { "introduced": "0" }, { "last_affected": "6.32" }, { "introduced": "0" }, { "last_affected": "6.33" }, { "introduced": "0" }, { "last_affected": "6.34" }, { "introduced": "0" }, { "last_affected": "6.35" }, { "introduced": "0" }, { "last_affected": "6.36" }, { "introduced": "0" }, { "last_affected": "6.37" } ] }
Affected versions
1.*
1.0
2.*
2.0
3.*
3.0.1
5.*
5.0-beta-1
5.0-beta-2
5.0-rc-1
5.0-rc-2
6.*
6.0
6.0-beta-1
6.0-beta-2
6.0-beta-3
6.0-beta-4
6.0-rc-1
6.0-rc-2
6.0-rc-3
6.0-rc-4
6.1
6.10
6.11
6.12
6.13
6.14
6.15
6.16
6.17
6.18
6.19
6.2
6.20
6.21
6.22
6.23
6.24
6.25
6.26
6.27
6.28
6.29
6.3
6.30
6.31
6.32
6.33
6.34
6.35
6.36
6.37
6.4
6.5
6.6
6.7
6.8
6.9
7.*
7.0
7.0-alpha1
7.0-alpha2
7.0-alpha3
7.0-alpha4
7.0-alpha5
7.0-alpha6
7.0-alpha7
7.0-beta1
7.0-beta2
7.0-beta3
7.0-rc-1
7.0-rc-2
7.0-rc-3
7.0-rc-4
7.0-unstable-1
7.0-unstable-10
7.0-unstable-2
7.0-unstable-3
7.0-unstable-4
7.0-unstable-5
7.0-unstable-6
7.0-unstable-7
8.*
8.0-alpha10
8.0-alpha11
8.0-alpha12
8.0-alpha13
8.0-alpha2
8.0-alpha3
8.0-alpha4
8.0-alpha5
8.0-alpha6
8.0-alpha7
8.0-alpha8
8.0-alpha9
8.0.0
8.0.0-alpha14
8.0.0-alpha15
8.0.0-beta1
8.0.0-beta10
8.0.0-beta11
8.0.0-beta12
8.0.0-beta13
8.0.0-beta14
8.0.0-beta15
8.0.0-beta16
8.0.0-beta2
8.0.0-beta3
8.0.0-beta4
8.0.0-beta5
8.0.0-beta6
8.0.0-beta7
8.0.0-beta9
8.0.0-rc1
8.0.0-rc2
8.0.0-rc3
8.0.0-rc4
Other
start
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3166.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-beta1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-beta2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-beta3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-beta4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-rc1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-rc2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-rc3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0-rc4"
}
]
}
]