CVE-2014-9564 — MEDIUM (6.1)

Vulnerability Description

CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Ib6131 Firmware	-
Ibm	Ib6131	-
Ibm	En6131 Firmware	-
Ibm	En6131	-

Related Weaknesses (CWE)

CWE-93

References

http://www.securityfocus.com/bid/74931Third Party AdvisoryVDB Entry
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173Vendor Advisory
http://www.securityfocus.com/bid/74931Third Party AdvisoryVDB Entry
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173Vendor Advisory

FAQ

What is CVE-2014-9564?

CVE-2014-9564 is a vulnerability with a CVSS score of 6.1 (MEDIUM). CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTT...

How severe is CVE-2014-9564?

CVE-2014-9564 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-9564?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Ib6131 Firmware, Ibm Ib6131, Ibm En6131 Firmware, Ibm En6131.