Vulnerability Details : CVE-2014-9564
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters.
Vulnerability category: Cross site scripting (XSS)
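The mechanism behind this class of bug, as an added illustration that is not part of the advisory and not code from the IBM switch firmware: a response builder copies a request parameter into a header line without neutralizing CR/LF, so an attacker-supplied value containing `%0d%0a` terminates the header, ends the first response, and starts a second one whose body the browser or an intermediate cache treats as a legitimate reply. The parameter name, the redirect handler and the injected payload are all constructed for this example; the vulnerable switch's actual parameters are unspecified in the advisory.

```python
from urllib.parse import unquote

# Constructed attacker input for a hypothetical "target" redirect parameter.
# URL-decoded, it contains CR/LF pairs that close the Location header, finish
# the 302 response with an empty body, and then supply a complete second
# response carrying a script body (the XSS / cache-poisoning payload).
ATTACK_PARAM_ENCODED = (
    "/home%0d%0aContent-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
    "Content-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E"
)


def _render_redirect(target: str) -> bytes:
    """Serialize a minimal HTTP/1.1 302 whose Location comes from `target`."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_unsafe(target: str) -> bytes:
    """Vulnerable pattern: the parameter reaches the header line verbatim."""
    return _render_redirect(target)


def is_header_safe(value: str) -> bool:
    """A header value must not contain CR, LF or NUL; anything else is data."""
    return not any(ch in value for ch in "\r\n\0")


def build_redirect_safe(target: str) -> bytes:
    """Hardened pattern: refuse to emit a header line built from tainted input."""
    if not is_header_safe(target):
        raise ValueError("refusing to place CR/LF/NUL in an HTTP header value")
    return _render_redirect(target)


def split_responses(raw: bytes) -> list:
    """Read a byte stream the way a simple HTTP/1.x client or cache does:
    one response after another, each body sized by its Content-Length.
    More than one parsed response from a single reply means the stream
    was split."""
    responses = []
    while True:
        end = raw.find(b"\r\n\r\n")
        if end < 0:
            break
        head = raw[:end].decode("latin-1").split("\r\n")
        if not head[0].startswith("HTTP/"):
            break  # leftover bytes that are not a status line; stop here
        headers = {}
        for line in head[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        responses.append({
            "status": head[0],
            "headers": headers,
            "body": raw[body_start:body_start + length],
        })
        raw = raw[body_start + length:]
    return responses


if __name__ == "__main__":
    attacker_value = unquote(ATTACK_PARAM_ENCODED)
    for resp in split_responses(build_redirect_unsafe(attacker_value)):
        print(resp["status"], resp["headers"], resp["body"])
    print("safe to emit:", is_header_safe(attacker_value))
```

Rejecting the value is the right choice for a redirect target; where a header must carry arbitrary text, percent-encode CR and LF before emitting it rather than stripping them, so the check cannot be bypassed by a second layer of decoding. The same `is_header_safe` test, applied on every header write, is what the firmware fix in 3.4.1110 would need to achieve for each of the "unspecified parameters" the advisory mentions.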
Products affected by CVE-2014-9564
- cpe:2.3:o:ibm:ib6131_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:en6131_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-9564
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~40% (the proportion of all scored vulnerabilities with a score at or below this one)
CVSS scores for CVE-2014-9564
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2014-9564
- The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9564
- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173 (IBM Security Bulletin: Vulnerabilities affect IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware (CVE-2014-9564, CVE-2014-9565); Vendor Advisory)
- http://www.securityfocus.com/bid/74931 (Multiple IBM Flex System Products CVE-2014-9564 HTTP Response Splitting Vulnerability; Third Party Advisory, VDB Entry)