Описание
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs.
Комментарий
Per: http://cwe.mitre.org/data/definitions/93.html
"CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00173
Низкий
3.5 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs.
EPSS
Процентиль: 39%
0.00173
Низкий
3.5 Low
CVSS2
Дефекты
NVD-CWE-Other