FKIE_CVE-2019-4396

Vulnerability from fkie_nvd - Published: 2019-10-25 17:15 - Updated: 2024-11-21 04:43
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/162236VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/1096354Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/162236VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/1096354Vendor Advisory
Impacted products
Vendor Product Version
ibm cloud_orchestrator *
ibm cloud_orchestrator *
ibm cloud_orchestrator *
ibm cloud_orchestrator *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "C122C107-AD04-48A7-8C95-9907063E45F8",
              "versionEndIncluding": "2.4.0.5",
              "versionStartIncluding": "2.4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A033CBB2-4F3C-43D9-A0C4-E0DDFB4EE702",
              "versionEndIncluding": "2.4.0.5",
              "versionStartIncluding": "2.4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "E61F3D16-BB6E-4FA4-A3C2-A05F3C613C8A",
              "versionEndIncluding": "2.5.0.9",
              "versionStartIncluding": "2.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "6661F2D4-F106-4FA9-B40D-CDD562FCAE91",
              "versionEndIncluding": "2.5.0.9",
              "versionStartIncluding": "2.5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236."
    },
    {
      "lang": "es",
      "value": "IBM Cloud Orchestrator versiones 2.4 hasta 2.4.0.5 y versiones 2.5 hasta 2.5.0.9, es vulnerable a ataques de divisi\u00f3n de respuesta HTTP, causados ??por una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para inyectar encabezados HTTP arbitrarios y hacer que el servidor devuelva una respuesta dividida, una vez que la URL sea cliqueada. Esto permitir\u00eda al atacante realizar futuros ataques, tales como el envenenamiento de la memoria cach\u00e9 Web o un cross-site scripting , y posiblemente obtener informaci\u00f3n confidencial. ID de IBM X-Force: 162236."
    }
  ],
  "id": "CVE-2019-4396",
  "lastModified": "2024-11-21T04:43:33.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-25T17:15:11.350",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162236"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1096354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1096354"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.