NVD

Id
38855  
Name
CVE-2013-2950  
Description
CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2013-06-03  
Modified Date
2013-06-04  
Seq
2013-2950  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
199257 38855 CVE-2013-2950 PM85071  View
199258 38855 CVE-2013-2950 http://www-01.ibm.com/support/docview.wss?uid=swg21638864  View
199259 38855 CVE-2013-2950 was-portal-cve20132950-response-splitting(83618)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
21291 JVNDB-2013-002866 IBM WebSphere Portal における CRLF インジェクションの脆弱性 IBM WebSphere Portal には、home substitution (別名 uri.home.substitution) が有効になっている場合、CRLF インジェクションの脆弱性が存在します。 CVE-2013-2950 62892 CVE-2013-2950 38855 3.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-002866.html 2013-05-28 2013-06-05 View