25 Oct 2019
Vulnerability CVE-2019-4396
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. (CVSS:3.5) (Last Update:2020-08-24)
Publish Date: 2019-10-25, Last Update Date: 2020-08-24
- CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-4396
- Number Of Affected Versions By Product
- References For CVE-2019-4396
- Metasploit Modules Related To CVE-2019-4396: There are not any Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).