CVE-2013-2950

EUVD-2013-2889
CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_portal
8.0
ibmwebsphere_portal
8.0.0.0
ibmwebsphere_portal
8.0.0.0:cf01
ibmwebsphere_portal
8.0.0.0:cf02
ibmwebsphere_portal
8.0.0.0:cf03
ibmwebsphere_portal
8.0.0.0:cf04
ibmwebsphere_portal
8.0.0.0:cf05
ibmwebsphere_portal
8.0.0.1
ibmwebsphere_portal
8.0.0.1:cf04
ibmwebsphere_portal
8.0.0.1:cf05
ibmwebsphere_portal
7.0.0.0
ibmwebsphere_portal
7.0.0.0:cf001
ibmwebsphere_portal
7.0.0.1
ibmwebsphere_portal
7.0.0.1:cf002
ibmwebsphere_portal
7.0.0.1:cf003
ibmwebsphere_portal
7.0.0.1:cf004
ibmwebsphere_portal
7.0.0.1:cf005
ibmwebsphere_portal
7.0.0.1:cf006
ibmwebsphere_portal
7.0.0.1:cf007
ibmwebsphere_portal
7.0.0.1:cf008
ibmwebsphere_portal
7.0.0.1:cf009
ibmwebsphere_portal
7.0.0.1:cf010
ibmwebsphere_portal
7.0.0.1:cf019
ibmwebsphere_portal
7.0.0.2
ibmwebsphere_portal
7.0.0.2:cf011
ibmwebsphere_portal
7.0.0.2:cf012
ibmwebsphere_portal
7.0.0.2:cf013
ibmwebsphere_portal
7.0.0.2:cf014
ibmwebsphere_portal
7.0.0.2:cf015
ibmwebsphere_portal
7.0.0.2:cf016
ibmwebsphere_portal
7.0.0.2:cf017
ibmwebsphere_portal
7.0.0.2:cf018
ibmwebsphere_portal
7.0.0.2:cf019
ibmwebsphere_portal
7.0.0.2:cf020
ibmwebsphere_portal
6.1.0.0
ibmwebsphere_portal
6.1.0.1
ibmwebsphere_portal
6.1.0.2
ibmwebsphere_portal
6.1.0.3
ibmwebsphere_portal
6.1.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071
http://www-01.ibm.com/support/docview.wss?uid=swg21638864
https://exchange.xforce.ibmcloud.com/vulnerabilities/83618
http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071
http://www-01.ibm.com/support/docview.wss?uid=swg21638864
https://exchange.xforce.ibmcloud.com/vulnerabilities/83618