CVE-2016-1155

Name of the Vulnerable Software and Affected Versions Android OS versions 2.2 through 6.0

Description The issue exists due to the failure to neutralize special elements in the HTTP header. This allows a remote attacker to inject arbitrary scripts or set arbitrary values in cookies, potentially leading to further exploitation.

Recommendations For Android OS versions 2.2 through 6.0, consider restricting access to sensitive operations that rely on the URLConnection class until a patch is available. As a temporary workaround, avoid using the URLConnection class for handling HTTP requests that may come from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.