Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-3998

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2013-3998
Last Modified 26 Mar 2014 01:40:50
Published 26 Mar 2014 06:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2013-3998

Summary

CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Systems

Application

  • Ibm Infosphere Biginsights 1.1.0.0

  • Ibm Infosphere Biginsights 1.1.0.1

  • Ibm Infosphere Biginsights 1.1.0.2

  • Ibm Infosphere Biginsights 1.2.0.0

  • Ibm Infosphere Biginsights 1.3.0.0

  • Ibm Infosphere Biginsights 1.3.0.1

  • Ibm Infosphere Biginsights 1.4.0.0

  • Ibm Infosphere Biginsights 2.0.0.0

  • Ibm Infosphere Biginsights 2.1.0.0

  • Ibm Infosphere Biginsights 2.1.0.1


References

XF - ibm-infosphere-cve20133998-resp-splitting(84987)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21667812


Last Updated: 27 May 2016 11:04:47