CVE-2018-16181 | Date: (C)2019-01-12 (M)2023-12-22 |
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 6.1 | CVSS Score : 5.8 |
Exploit Score: 2.8 | Exploit Score: 8.6 |
Impact Score: 2.7 | Impact Score: 4.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: LOW | Access Complexity: MEDIUM |
Privileges Required: NONE | Authentication: NONE |
User Interaction: REQUIRED | Confidentiality: PARTIAL |
Scope: CHANGED | Integrity: PARTIAL |
Confidentiality: LOW | Availability: NONE |
Integrity: LOW | |
Availability: NONE | |
| |