CVE-2014-4803

Currently unrated

Key Information:

Vendor: IBM
Status: Curam Social Program Management
Vendor: CVE Published:; 13 February 2015

Summary

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95305

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21695925

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 13, 2015
Vulnerability Reserved
Jul 9, 2014