CRLF Injection Vulnerability in IBM Proventia Network Mail Security System
CVE-2010-0155

Currently unrated

Key Information:

Vendor: IBM
Status: Proventia Network Mail Security System Virtual Appliance; Proventia Network Mail Security System Virtual Appliance Firmware
Vendor: CVE Published:; 14 September 2010

Summary

The IBM Proventia Network Mail Security System (PNMSS) appliance contains a CRLF injection vulnerability located in the load.php file of its Local Management Interface (LMI). This flaw affects remote authenticated users, allowing them to insert arbitrary HTTP headers. Exploitation may lead to significant threats such as HTTP response splitting attacks, which can manipulate how clients interact with the server, potentially resulting in data exposure or service disruption. It is crucial for users to implement firmware updates and adopt security practices to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/archive/1/513636/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.ventuneac.net/security-advisories/MVSA-10-009

x_refsource_MISC

Timeline

Vulnerability published
Sep 14, 2010
Vulnerability Reserved
Jan 4, 2010