CVE-2014-9564

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Ib6131 Firmware
Vendor: CVE Published:; 25 August 2017

Summary

CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters.

References

https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/74931

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 25, 2017
Vulnerability Reserved
Jan 7, 2015