CVE-2014-9564

Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)

Published: Aug 25, 2017 / Updated: 87mo ago

No CVSS yet; EPSS 0.1%

CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters.

Timeline

First Article

Feedly found the first article mentioning CVE-2014-9564.

Aug 25, 2017 at 7:53 PM / twitter.com

EPSS

EPSS Score was set to: 0.1% (Percentile: 40.4%)

Nov 30, 2023 at 6:54 AM

Affected Systems

Ibm/en6131_firmware

Patches

www.ibm.com

Attack Patterns

CAPEC-15: Command Delimiters
