CVE-2016-3118
Description
CRLF injection in CA API Gateway allows remote attackers to manipulate HTTP responses, potentially leading to various impacts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CA API Gateway (formerly Layer7 API Gateway) versions 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 are affected by a CRLF injection vulnerability. The issue allows an attacker to inject arbitrary CRLF sequences into HTTP responses, enabling response splitting and other HTTP-level attacks. The exact vectors are not detailed, but the vulnerability exists in the gateway's handling of HTTP headers [1].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted requests to the affected gateway. The attacker does not require any prior authentication or local access. The underlying mechanism involves injecting CRLF sequences into HTTP response headers, which can be achieved by manipulating request parameters or headers that are echoed in responses [1].
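The mechanism described above, as an added example that is not part of this record, the CA advisory, or the CA API Gateway code base: a request-controlled value that is copied into a response header without validation lets a CR/LF pair terminate the header line and start a new one, while a strict header-value check rejects the value before it is emitted. All function names, the sample redirect target and the tainted value are constructed for illustration and are not taken from the affected product.

```python
"""Constructed demonstration of CRLF injection into HTTP response headers
and of the check that prevents it. Not code from CA API Gateway."""
import re

# RFC 9110 field values may not contain bare CR, LF or NUL. The check must
# run on the *decoded* value (after %0d%0a has been turned back into bytes),
# because that is the form that ends up in the header line.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


class HeaderInjectionError(ValueError):
    """Raised when a value would break out of its header line."""


def is_safe_header_value(value: str) -> bool:
    """True if the value contains no CR, LF or NUL characters."""
    return _FORBIDDEN.search(value) is None


def build_response_naive(location: str) -> bytes:
    """Vulnerable pattern: the request-controlled redirect target is
    concatenated straight into the header block with no validation."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_response_safe(location: str) -> bytes:
    """Hardened pattern: reject the value instead of emitting it.
    Rejecting is preferable to stripping, which can mask tampering."""
    if not is_safe_header_value(location):
        raise HeaderInjectionError("CR, LF or NUL in header value")
    return build_response_naive(location)


def header_names(raw: bytes) -> list[str]:
    """Return the header field names of a serialized response, in order.
    Used here as a detection aid: any name the application did not set
    itself is evidence that a value split the header block."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]  # drop the status line
    return [line.split(b":", 1)[0].decode("latin-1") for line in lines if b":" in line]


def unexpected_headers(raw: bytes, expected: list[str]) -> list[str]:
    """Names present in the response that the application never set."""
    return [name for name in header_names(raw) if name not in expected]


if __name__ == "__main__":
    expected = ["Location", "Content-Length"]
    clean = "/dashboard"                      # constructed benign value
    tainted = "/dashboard\r\nX-Injected: 1"   # constructed value with CR/LF

    print(unexpected_headers(build_response_naive(clean), expected))    # []
    print(unexpected_headers(build_response_naive(tainted), expected))  # ['X-Injected']
    try:
        build_response_safe(tainted)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

The validator runs on the decoded value, so it catches percent-encoded CR/LF as well once the framework has decoded the parameter; `unexpected_headers` is the kind of check a reverse proxy or test harness can apply to outgoing responses to detect a split after the fact.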
Impact
Successful exploitation allows the attacker to perform HTTP response splitting, which can lead to cache poisoning, cross-site scripting (XSS), or page defacement. The scope of impact depends on how the gateway is deployed, but the attacker can potentially influence the behavior of intermediate caches or end users' browsers [1]. The exact impact is described as "unspecified" in the advisory.
Mitigation
CA has released patches for the affected versions: upgrade to 7.1.04, 8.3.01, or 8.4.01 respectively. The security notice [1] details the fixed versions. No workarounds are provided. Users should apply the updates as soon as possible.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:broadcom:api_gateway:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:api_gateway:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:api_gateway:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:api_gateway:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:api_gateway:8.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:api_gateway:8.4:*:*:*:*:*:*:*
- (no CPE) version range: <7.1.04, <8.3.01, <8.4.01
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.