CVE-2017-1262 — HTTP Request/Response Splitting in IBM Security Guardium

CWE-113 — HTTP Request/Response Splitting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 44.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Guardium

Timeline

PublishedDec 20

Latest updateMay 14

Description

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/security_guardium5 versions+4

▶NVDibm/security_guardium5 versions+4

🔴Vulnerability Details

GHSA

GHSA-cg44-83gm-9c7j: IBM Security Guardium 10↗2022-05-14

▶

CVEList

CVE-2017-1262: IBM Security Guardium 10↗2017-12-20

▶

Kernel

mm/slub.c: add a naive detection of double free or corruption↗2017-09-06

▶