Lucene search

[email protected]CVE-2013-2950

HistoryJun 03, 2013 - 9:55 p.m.

CVE-2013-2950

2013-06-0321:55:01

CWE-94

[email protected]

web.nvd.nist.gov

cve

2013

2950

crlf

injection

vulnerability

ibm

websphere

portal

http

response

splitting

attack

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.6%

JSON

CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected configurations

NVD

Node

ibmwebsphere_portalMatch8.0

ibmwebsphere_portalMatch8.0.0.0

ibmwebsphere_portalMatch8.0.0.0cf01

ibmwebsphere_portalMatch8.0.0.0cf02

ibmwebsphere_portalMatch8.0.0.0cf03

ibmwebsphere_portalMatch8.0.0.0cf04

ibmwebsphere_portalMatch8.0.0.0cf05

ibmwebsphere_portalMatch8.0.0.1

ibmwebsphere_portalMatch8.0.0.1cf04

ibmwebsphere_portalMatch8.0.0.1cf05

Node

ibmwebsphere_portalMatch7.0.0.0

ibmwebsphere_portalMatch7.0.0.0cf001

ibmwebsphere_portalMatch7.0.0.1

ibmwebsphere_portalMatch7.0.0.1cf002

ibmwebsphere_portalMatch7.0.0.1cf003

ibmwebsphere_portalMatch7.0.0.1cf004

ibmwebsphere_portalMatch7.0.0.1cf005

ibmwebsphere_portalMatch7.0.0.1cf006

ibmwebsphere_portalMatch7.0.0.1cf007

ibmwebsphere_portalMatch7.0.0.1cf008

ibmwebsphere_portalMatch7.0.0.1cf009

ibmwebsphere_portalMatch7.0.0.1cf010

ibmwebsphere_portalMatch7.0.0.1cf019

ibmwebsphere_portalMatch7.0.0.2

ibmwebsphere_portalMatch7.0.0.2cf011

ibmwebsphere_portalMatch7.0.0.2cf012

ibmwebsphere_portalMatch7.0.0.2cf013

ibmwebsphere_portalMatch7.0.0.2cf014

ibmwebsphere_portalMatch7.0.0.2cf015

ibmwebsphere_portalMatch7.0.0.2cf016

ibmwebsphere_portalMatch7.0.0.2cf017

ibmwebsphere_portalMatch7.0.0.2cf018

ibmwebsphere_portalMatch7.0.0.2cf019

ibmwebsphere_portalMatch7.0.0.2cf020

Node

ibmwebsphere_portalMatch6.1.0.0

ibmwebsphere_portalMatch6.1.0.1

ibmwebsphere_portalMatch6.1.0.2

ibmwebsphere_portalMatch6.1.0.3

ibmwebsphere_portalMatch6.1.5.0

CPENameOperatorVersion
ibm:websphere_portalibm websphere portaleq8.0
ibm:websphere_portalibm websphere portaleq8.0.0.0
ibm:websphere_portalibm websphere portaleq8.0.0.1

CPE	Name	Operator	Version
ibm:websphere_portal	ibm websphere portal	eq	8.0
ibm:websphere_portal	ibm websphere portal	eq	8.0.0.0
ibm:websphere_portal	ibm websphere portal	eq	8.0.0.1

References

www-01.ibm.com/support/docview.wss?uid=swg1PM85071

www-01.ibm.com/support/docview.wss?uid=swg21638864

exchange.xforce.ibmcloud.com/vulnerabilities/83618

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.6%

JSON

Related for CVE-2013-2950

nessus1 cvelist1 prion1 nvd1