Vulnerability Name: CVE-2014-3012 (CCN-93010)
Assigned: 2014-06-09
Published: 2014-06-09
Updated: 2017-08-29
Summary: Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs. Per: http://cwe.mitre.org/data/definitions/93.html "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"
CVSS v3 Severity:
  2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
  2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
  2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2014-3012
  Source: SECUNIA Type: UNKNOWN 59257
  Source: CCN Type: IBM Security Bulletin 1675454 Curam is vulnerable to CRLF Injection attack (CVE-2014-3012)
  Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21675454
  Source: CCN Type: BID-68008 IBM Cúram Social Program Management CVE-2014-3012 HTTP Response Splitting Vulnerability
  Source: XF Type: UNKNOWN ibm-curam-cve20143012-crlf-injection(93010)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable