Critical severity9.8NVD Advisory· Published Apr 13, 2017· Updated May 13, 2026

CVE-2016-1155

Description

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/97662nvdThird Party AdvisoryVDB Entry
jvn.jp/vu/JVNVU99757346/index.htmlnvdMitigationThird Party AdvisoryVDB Entry
android.googlesource.com/platform/external/okhttp/+/71b9f47b26fb57ac3e436a19519c6e3ec70e86ebnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000