cve-2017-1262
Vulnerability from cvelistv5
Published
2017-12-20 18:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010438 | Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/124737 | Third Party Advisory, VDB Entry |
Impacted products
▼ | Vendor | Product |
---|---|---|
IBM | Security Guardium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22010438" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124737" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Guardium", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0" }, { "status": "affected", "version": "10.0.1" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.1.2" }, { "status": "affected", "version": "10.1.3" } ] } ], "datePublic": "2017-12-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-20T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22010438" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124737" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-12-18T00:00:00", "ID": "CVE-2017-1262", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Guardium", "version": { "version_data": [ { "version_value": "10.0" }, { "version_value": "10.0.1" }, { "version_value": "10.1" }, { "version_value": "10.1.2" }, { "version_value": "10.1.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22010438", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22010438" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124737", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124737" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1262", "datePublished": "2017-12-20T18:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T21:57:52.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-1262\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2017-12-20T18:29:00.387\",\"lastModified\":\"2018-01-03T17:15:31.413\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737.\"},{\"lang\":\"es\",\"value\":\"IBM Security Guardium 10.0 es vulnerable a ataques de separaci\u00f3n de respuesta HTTP. Un atacante remoto podr\u00eda explotar esta vulnerabilidad utilizando una URL especialmente manipulada para provocar que el servidor devuelva una respuesta dividida una vez que se pincha en la URL. Esto permitir\u00eda que el atacante realice m\u00e1s ataques como el envenenamiento de la memoria cach\u00e9 web, Cross-Site Scripting (XSS) y posiblemente la obtenci\u00f3n de informaci\u00f3n sensible. IBM X-Force ID: 124737.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-113\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"552A0A69-388F-4842-A882-78F267D4BF09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9ACD03A-8D4C-4B94-81AB-D1BBD41E0182\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A60EABED-C8D2-4D84-9EE2-80397057DBBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:10.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45E6B962-F8F8-4979-BC76-AE0B16EEB082\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:10.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0057282B-A778-4B71-97EC-D054B1EF96A4\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22010438\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/124737\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.