Vulnerability CVE-2016-1669

Vulnerability Name:

CVE-2016-1669 (CCN-113145)

Assigned:

2016-05-11

Published:

2016-05-11

Updated:

2023-01-19

Summary:

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-1669

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update

Source: cve-coordination@google.com
Type: Vendor Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Mailing List, Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Mailing List, Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Mailing List, Third Party Advisory
cve-coordination@google.com

Source: CCN
Type: RHSA-2016-1080
Important: chromium-browser security update

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: CCN
Type: RHSA-2017-0002
Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: CCN
Type: RHSA-2017-0879
Moderate: v8 security update

Source: CCN
Type: RHSA-2017-0880
Moderate: v8 security update

Source: CCN
Type: RHSA-2017-0881
Moderate: v8 security update

Source: CCN
Type: RHSA-2017-0882
Moderate: v8 security update

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: CCN
Type: IBM Security Bulletin N1021482 (i)
Vulnerability CVE-2016-1669 in Node.js affects IBM i

Source: CCN
Type: IBM Security Bulletin 1986383 (SDK for Node.js)
IBM SDK for Node.js may be affected by CVE-2016-1669

Source: CCN
Type: IBM Security Bulletin 1987539 (SDK for Node.js for Bluemix)
IBM SDK for Node.js in IBM Bluemix may be affected by CVE-2016-1669

Source: CCN
Type: IBM Security Bulletin 1990050 (DataPower Gateways)
Vulnerabilities in node.js processing affect IBM DataPower Gateways

Source: CCN
Type: IBM Security Bulletin 1990841 (Business Process Manager Advanced)
Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-9748, CVE-2016-1669)

Source: CCN
Type: BID-90584
Google Chrome Prior to 50.0.2661.102 Multiple Security Vulnerabilities

Source: cve-coordination@google.com
Type: Third Party Advisory, VDB Entry
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory, VDB Entry
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: XF
Type: UNKNOWN
google-chrome-cve20161669-bo(113145)

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Mailing List, Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Mailing List, Third Party Advisory
cve-coordination@google.com

Source: cve-coordination@google.com
Type: Third Party Advisory
cve-coordination@google.com

Source: CCN
Type: Apple security document HT207268
About the security content of Xcode 8.1

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-1669

Vulnerable Configuration:

Configuration CCN 1:

cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.5:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:sdk:1.1:*:*:*:node.js:*:*:*

OR cpe:/a:ibm:datapower_gateway:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.6:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:sdk:1.2:*:*:*:node.js:*:*:*

OR cpe:/a:ibm:sdk:*:*:node.js:*:bluemix:*:*:*

OR cpe:/a:ibm:datapower_gateway:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:sdk:4.0:*:*:*:node.js:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.7:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:datapower_gateway:7.5.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7717	P	mailx-12.5-3.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7739	P	perl-DBD-mysql-4.046-3.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:20161669	V	CVE-2016-1669	2022-06-30
oval:org.opensuse.security:def:113040	P	nodejs4-4.7.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112065	P	chromedriver-55.0.2883.75-3.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:6990	P	Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP1) (Important)	2021-11-17
oval:org.opensuse.security:def:105614	P	chromedriver-55.0.2883.75-3.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106480	P	nodejs4-4.7.0-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:6915	P	Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP1) (Important)	2021-06-18
oval:org.opensuse.security:def:36505	P	libwsman-devel-2.2.3-0.8.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36547	P	python-imaging-1.1.6-168.34.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:6896	P	Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP1) (Important)	2021-05-25
oval:org.opensuse.security:def:6881	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1) (Important)	2021-04-28
oval:org.opensuse.security:def:7079	P	Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP2) (Important)	2021-04-28
oval:org.opensuse.security:def:7066	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP2) (Important)	2021-04-07
oval:org.opensuse.security:def:7015	P	Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP1) (Important)	2021-03-17
oval:org.opensuse.security:def:7057	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)	2020-12-16
oval:org.opensuse.security:def:7048	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:35756	P	libnetpbm10-10.26.44-101.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35823	P	squidGuard-1.4-13.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:13248	P	nodejs4-4.4.7-2.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35707	P	glib2-2.22.5-0.2.23 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:46368	P	nodejs4-4.4.7-2.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35795	P	openvpn-2.0.9-143.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35867	P	apache2-mod_security2-2.7.1-0.2.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35648	P	wget-1.11.4-1.15.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35009	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:35104	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:35341	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:6766	P	libtag1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35488	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:6834	P	rrdtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6758	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35020	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:35240	P	Security update for libpng12-0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35008	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:35398	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:6788	P	libzmq3 on GA media (Moderate)	2020-12-01
oval:org.cisecurity:def:847	P	DSA-3590-1 -- chromium-browser -- security update	2016-07-29
oval:org.cisecurity:def:605	V	Vulnerability in Google Chrome before 50.0.2661.102 (CVE-2016-1669)	2016-07-01
oval:com.ubuntu.artful:def:20161669000	V	CVE-2016-1669 on Ubuntu 17.10 (artful) - medium.	2016-05-14
oval:com.ubuntu.xenial:def:201616690000000	V	CVE-2016-1669 on Ubuntu 16.04 LTS (xenial) - medium.	2016-05-14
oval:com.ubuntu.trusty:def:20161669000	V	CVE-2016-1669 on Ubuntu 14.04 LTS (trusty) - medium.	2016-05-14
oval:com.ubuntu.bionic:def:20161669000	V	CVE-2016-1669 on Ubuntu 18.04 LTS (bionic) - medium.	2016-05-14
oval:com.ubuntu.xenial:def:20161669000	V	CVE-2016-1669 on Ubuntu 16.04 LTS (xenial) - medium.	2016-05-14
oval:com.ubuntu.cosmic:def:201616690000000	V	CVE-2016-1669 on Ubuntu 18.10 (cosmic) - medium.	2016-05-14
oval:com.ubuntu.cosmic:def:20161669000	V	CVE-2016-1669 on Ubuntu 18.10 (cosmic) - medium.	2016-05-14
oval:com.ubuntu.bionic:def:201616690000000	V	CVE-2016-1669 on Ubuntu 18.04 LTS (bionic) - medium.	2016-05-14
oval:com.ubuntu.precise:def:20161669000	V	CVE-2016-1669 on Ubuntu 12.04 LTS (precise) - medium.	2016-05-14

BACK