PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-0310 IBM CVE debrief

CVE-2016-0310 is an IBM Connections issue in which a maliciously influenced Host header can cause users to be navigated to an attacker-controlled domain. The public CVE record was published on 2017-02-08 and later modified on 2026-05-13. NVD lists IBM Connections 4.0, 4.5, 5.0, and 5.5 as vulnerable, with a medium-severity CVSS 3.0 vector that includes network access and user interaction.

Vendor: IBM
Product: CVE-2016-0310
CVSS: MEDIUM 5.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

IBM Connections administrators, web application owners, reverse proxy/load balancer teams, and security teams responsible for validating request headers and external redirects.

Technical summary

The issue is described as a possible host header injection attack in IBM Connections that can influence navigation to an attacker’s domain. In the supplied NVD data, the attack vector is network-based, requires low privileges and user interaction, and is scored as CVSS 3.0 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. NVD also maps the weakness to CWE-79 in the record provided.

Defensive priority

Medium. The issue can affect user trust and redirect traffic to attacker-controlled destinations, so it is worth remediating promptly, especially in externally reachable deployments.

Recommended defensive actions

  • Apply the IBM fix or mitigation referenced in the vendor advisory for CVE-2016-0310.
  • Review any application, proxy, or load balancer logic that accepts or forwards the Host header and ensure only expected hostnames are accepted.
  • Validate that generated links, redirects, and canonical URL handling do not depend on untrusted Host header values.
  • Monitor for unexpected redirects or navigation to non-canonical domains in IBM Connections workflows.
  • Confirm which IBM Connections versions are deployed and prioritize systems matching the affected NVD CPEs (4.0, 4.5, 5.0, and 5.5).
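
The Host header checks in the second and third actions above can be sketched as follows. This is an added example, not code from IBM or the advisory. The hostname connections.example.com, the header dictionary shape, and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

# Assumed deployment values (constructed placeholders, not from the advisory).
CANONICAL_BASE = "https://connections.example.com"
ALLOWED_HOSTS = {"connections.example.com"}

# Hostname made of letter/digit/hyphen labels, optional trailing dot and port.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"(?P<name>{_LABEL}(?:\.{_LABEL})*)\.?(?::\d{{1,5}})?")


def normalize_host(raw):
    """Return the lowercased hostname without port, or None if malformed."""
    if not raw:
        return None
    m = _HOST_RE.fullmatch(raw.strip().lower())
    return m.group("name") if m else None


def host_is_allowed(headers):
    """Accept a request only if Host and every X-Forwarded-Host value are allowlisted.

    `headers` is assumed to be a dict keyed by canonical header names.
    """
    values = [headers.get("Host")]
    if "X-Forwarded-Host" in headers:
        # Proxies may append several comma-separated values; check each one.
        values.extend(headers["X-Forwarded-Host"].split(","))
    return all(normalize_host(v) in ALLOWED_HOSTS for v in values)


def absolute_url(path):
    """Build links and redirects from the configured base, never from Host."""
    url = urljoin(CANONICAL_BASE + "/", path.lstrip("/"))
    # An absolute URL passed as `path` would replace the base; refuse it.
    if urlsplit(url).netloc != urlsplit(CANONICAL_BASE).netloc:
        raise ValueError("path escapes canonical origin")
    return url
```

Requests that fail host_is_allowed are best rejected at the proxy or load balancer and logged, which also supports the monitoring action above.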

Evidence notes

All substantive claims in this debrief come from the supplied NVD record and the referenced IBM vendor advisory/BID links. The CVE was published on 2017-02-08 and last modified on 2026-05-13. The supplied corpus does not identify a KEV listing.

Official resources

Public CVE record published on 2017-02-08; NVD record last modified on 2026-05-13. No KEV information is present in the supplied corpus.