CVE-2010-0155

CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
ibmproventia_network_mail_security_system_virtual_appliance
*
ibmproventia_network_mail_security_system_virtual_appliance_firmware
1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/513636/100/0/threaded
http://www.ventuneac.net/security-advisories/MVSA-10-009
http://www.securityfocus.com/archive/1/513636/100/0/threaded
http://www.ventuneac.net/security-advisories/MVSA-10-009