CVE-2016-1155

2017-04-1317:00:00

jpcert

www.cve.org

9.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.

References

www.securityfocus.com/bid/97662

android.googlesource.com/platform/external/okhttp/+/71b9f47b26fb57ac3e436a19519c6e3ec70e86eb

jvn.jp/vu/JVNVU99757346/index.html