Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3069

Опубликовано: 12 авг. 2014
Источник: nvd
CVSS2: 3.5
EPSS Низкий

Описание

Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters.

Комментарий

CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*

EPSS

Процентиль: 37%
0.0016
Низкий

3.5 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-x5jq-472r-hm3v

github
больше 3 лет назад

Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters.

EPSS

Процентиль: 37%
0.0016
Низкий

3.5 Low

CVSS2

Дефекты

NVD-CWE-Other