CVE-2016-8024

Name of the Vulnerable Software and Affected Versions Intel Security VirusScan Enterprise Linux (VSEL) versions 2.0.3 and earlier McAfee VirusScan Enterprise (affected versions not specified)

Description The issue is related to the improper neutralization of CRLF sequences in HTTP headers, which allows a remote unauthenticated attacker to obtain sensitive information via server HTTP response spoofing. This can be exploited by a remote attacker to gain access to confidential data.

Recommendations For Intel Security VirusScan Enterprise Linux (VSEL) versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue. For McAfee VirusScan Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.