CRLF Injection Vulnerability in IBM Flex System EN6131 and IB6131 Switch Firmware
CVE-2014-9564

6.1 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 25 August 2017

Summary

A CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware prior to version 3.4.1110 allows remote attackers to manipulate HTTP headers. This can lead to HTTP response splitting, which enables web cache poisoning and can facilitate cross-site scripting (XSS) attacks. Attackers can exploit multiple unspecified parameters to gain access to sensitive information, so users of the affected products should update to firmware version 3.4.1110 or later.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
