CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-06-03T21:00:00

Updated: 2024-08-06T15:52:21.290Z

Reserved: 2013-04-12T00:00:00

Link: CVE-2013-2950

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-06-03T21:55:01.667

Modified: 2024-11-21T01:52:44.463

Link: CVE-2013-2950

cve-icon Redhat

No data.