PatchSiren cyber security CVE debrief
CVE-2016-6484 Infoblox CVE debrief
CVE-2016-6484 is a CRLF injection vulnerability in Infoblox Network Automation NetMRI. The issue is described as affecting NetMRI before 7.1.1 and allowing remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting through the contentType parameter in a login request. The NVD record classifies it as CWE-93 and rates it CVSS 3.0 6.1 (Medium).
- Vendor: Infoblox
- Product: CVE-2016-6484
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-23
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-23
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams responsible for Infoblox NetMRI deployments, especially systems exposing the login endpoint to untrusted networks or users who may access the affected page during normal workflows.
Technical summary
The supplied NVD data describes a CRLF injection issue in config/userAdmin/login.tdf, where the contentType parameter can be used to inject HTTP headers and split responses. The CVSS vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network reachability, no privileges required, and a user interaction requirement. The NVD CPE data marks NetMRI versions up to 7.0.1 as vulnerable, while the textual description says the issue affects versions before 7.1.1; that version detail should be verified against vendor guidance before planning remediation.
Defensive priority
Medium priority. The issue is remotely reachable and can affect confidentiality and integrity, but it requires user interaction and is not listed as causing availability impact. Prioritize any internet-facing or broadly reachable NetMRI management instances.
Recommended defensive actions
- Upgrade Infoblox NetMRI to 7.1.1 or later, as stated in the CVE description.
- Confirm the exact vulnerable version range in your environment, since the NVD CPE data in the supplied corpus lists versions through 7.0.1 while the description says before 7.1.1.
- Restrict access to the NetMRI login interface to trusted administrative networks wherever possible.
- Review logs and proxy/WAF telemetry for unusual response headers or signs of response splitting attempts against the login action.
- Validate that any compensating controls, such as reverse proxies or header normalization, do not depend on unsanitized request parameters.
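The log review suggested above can be sketched as follows. This is an added example, not code from the advisory or from Infoblox: it flags login requests whose contentType value contains CR or LF, including percent-encoded and double-encoded forms. It assumes the parameter is visible in the logged request URI (access logs normally omit POST bodies); the sample lines, the `/netmri` prefix and the `skin` parameter are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

LOGIN_PATH = "config/userAdmin/login.tdf"  # path named in the CVE description
PARAM = "contentType"                      # parameter named in the CVE description
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

def has_crlf(value, max_rounds=3):
    """True if value holds CR or LF, raw or after repeated URL-decoding."""
    for _ in range(max_rounds):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:      # nothing left to decode
            break
        value = decoded
    return "\r" in value or "\n" in value

def suspicious_login_requests(lines):
    """Return log lines whose login request carries CR/LF in contentType."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("uri"))
        if not parts.path.endswith(LOGIN_PATH):
            continue
        # Split the raw query by hand so values stay encoded for has_crlf().
        for pair in parts.query.split("&"):
            name, _, raw = pair.partition("=")
            if unquote(name) == PARAM and has_crlf(raw):
                hits.append(line)
                break
    return hits

# Constructed sample access-log lines (documentation IP range, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2017:10:00:00 +0000] "GET /netmri/config/userAdmin/login.tdf?contentType=text/html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Feb/2017:10:00:05 +0000] "GET /netmri/config/userAdmin/login.tdf?contentType=text/html%0d%0aX-Constructed:%201 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Feb/2017:10:00:09 +0000] "GET /netmri/config/userAdmin/login.tdf?skin=a&contentType=x%250Ay HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Feb/2017:10:00:12 +0000] "GET /index.html?contentType=a%0d%0ab HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in suspicious_login_requests(SAMPLE_LOG):
        print("CRLF in contentType:", hit)
```

A hit means an attempt was logged, not that the response was actually split; confirm against the installed NetMRI version.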
Evidence notes
Evidence in the supplied corpus includes the official NVD record, the CVE.org record link, and third-party advisories/DB entries cited by MITRE references. The vulnerability is mapped to CWE-93, and the NVD CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N with severity Medium. Publication date is 2017-01-23T21:59:02.003Z; the record was last modified on 2026-05-13T00:24:29.033Z. The supplied data also contains a version-range discrepancy between the narrative description ('before 7.1.1') and the CPE criteria (vulnerable through 7.0.1).
Official resources
- CVE-2016-6484 CVE record: CVE.org
- CVE-2016-6484 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Source reference
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
Publicly disclosed in the supplied record on 2017-01-23T21:59:02.003Z, with a later metadata modification on 2026-05-13T00:24:29.033Z. The referenced public sources in the record are third-party advisories and vulnerability database entries.