Vulnerability Description
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Proventia Network Mail Security System Virtual Appliance | All versions |
| Ibm | Proventia Network Mail Security System Virtual Appliance Firmware | 1.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/513636/100/0/threaded
- http://www.ventuneac.net/security-advisories/MVSA-10-009
- http://www.securityfocus.com/archive/1/513636/100/0/threaded
- http://www.ventuneac.net/security-advisories/MVSA-10-009
FAQ
What is CVE-2010-0155?
CVE-2010-0155 is a vulnerability with a CVSS score of 3.5 (LOW). CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticate...
How severe is CVE-2010-0155?
CVE-2010-0155 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0155?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Proventia Network Mail Security System Virtual Appliance, Ibm Proventia Network Mail Security System Virtual Appliance Firmware.