Crlf injection

2013-06-0321:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.6%

JSON

CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CPENameOperatorVersion
websphere_portaleq8.0.0.1
websphere_portaleq8.0.0.0
websphere_portaleq8.0.0.0 cf4
websphere_portaleq8.0.0.1 cf5
websphere_portaleq8.0.0.1 cf4
websphere_portaleq8.0.0.0 cf1
websphere_portaleq8.0.0.0 cf2
websphere_portaleq8.0.0.0 cf5
websphere_portaleq8.0.0.0 cf3
websphere_portaleq8.0

Name	Operator	Version
websphere_portal	eq	8.0.0.1
websphere_portal	eq	8.0.0.0
websphere_portal	eq	8.0.0.0 cf4
websphere_portal	eq	8.0.0.1 cf5
websphere_portal	eq	8.0.0.1 cf4
websphere_portal	eq	8.0.0.0 cf1
websphere_portal	eq	8.0.0.0 cf2
websphere_portal	eq	8.0.0.0 cf5
websphere_portal	eq	8.0.0.0 cf3
websphere_portal	eq	8.0