CRLF Injection Vulnerability in IBM Flex System EN6131 and IB6131 Switch Firmware
CVE-2014-9564

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Ib6131 Firmware
Vendor: CVE Published:; 25 August 2017

Summary

The CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware prior to version 3.4.1110 allows remote attackers to manipulate HTTP headers. This can lead to HTTP response splitting attacks, enabling web cache poisoning, and potentially facilitating cross-site scripting (XSS) attacks. Attackers can exploit multiple unspecified parameters to gain access to sensitive information, making it important for users of the affected products to apply necessary updates.

References

https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/74931

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 25, 2017
Vulnerability Reserved
Jan 7, 2015