HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.
References
Link | Resource |
---|---|
https://jvn.jp/vu/JVNVU99757346/index.html | Mitigation Third Party Advisory VDB Entry |
https://android.googlesource.com/platform/external/okhttp/+/71b9f47b26fb57ac3e436a19519c6e3ec70e86eb | |
http://www.securityfocus.com/bid/97662 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-04-13 10:59
Updated : 2017-04-24 14:28
NVD link : CVE-2016-1155
Mitre link : CVE-2016-1155
JSON object : View
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Products Affected
- android