CVE-2014-3012 - Vulnerability Details

Vendors	Products
Ibm	Curam Social Program Management

Link	Providers
http://secunia.com/advisories/59257
http://www-01.ibm.com/support/docview.wss?uid=swg21675454
https://exchange.xforce.ibmcloud.com/vulnerabilities/93010

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "59257", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59257"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454"}, {"name": "ibm-curam-cve20143012-crlf-injection(93010)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3012", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "59257", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59257"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454"}, {"name": "ibm-curam-cve20143012-crlf-injection(93010)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:28:46.394Z"}, "title": "CVE Program Container", "references": [{"name": "59257", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59257"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454"}, {"name": "ibm-curam-cve20143012-crlf-injection(93010)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3012", "datePublished": "2014-06-18T16:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:28:46.394Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-06-09T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-28T12:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

name : 59257 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/59257 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21675454 (string)

}

2 : { »

name : ibm-curam-cve20143012-crlf-injection(93010) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/93010 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2014-3012 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 59257 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/59257 (string)

}

1 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21675454 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21675454 (string)

}

2 : { »

name : ibm-curam-cve20143012-crlf-injection(93010) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/93010 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T10:28:46.394Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 59257 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/59257 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21675454 (string)

}

2 : { »

name : ibm-curam-cve20143012-crlf-injection(93010) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/93010 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2014-3012 (string)

datePublished : 2014-06-18T16:00:00 (string)

dateReserved : 2014-04-29T00:00:00 (string)

dateUpdated : 2024-08-06T10:28:46.394Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2A64B23F-E318-4506-946D-F30BB453282E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:*", "matchCriteriaId": "8634A1FB-ECD1-45A7-9186-37EB6974EDD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD18D50-AEBC-4131-B89F-F2A74501E0A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8540059F-8E22-4684-B161-B3EC5996286E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n CRLF en IBM Curam Social Program Management 5.2 SP1 hasta 6.0.5.4 permiten a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s de par\u00e1metros no especificados en custom JSPs."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/93.html\n\n\"CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')\"", "id": "CVE-2014-3012", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-18T16:55:07.687", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59257"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59257"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 2A64B23F-E318-4506-946D-F30BB453282E (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:* (string)

matchCriteriaId : 8634A1FB-ECD1-45A7-9186-37EB6974EDD3 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BDD18D50-AEBC-4131-B89F-F2A74501E0A0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8540059F-8E22-4684-B161-B3EC5996286E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : BB8E3B08-7171-414D-8A41-14C9E18B1BAB (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 940271A7-2CC3-4A34-BB5A-D9F4D45A7895 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 13AA664F-BCD8-4CED-A201-E2543D437E1C (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:* (string)

matchCriteriaId : A6711519-4E7D-4782-8372-7996C24E50D6 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 17929DC8-0E48-4BF4-AAFE-6463C8540FF9 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 2FD3FF4C-C12A-4CBC-8983-85929C5D121E (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : DAE6D88C-92CF-415E-978C-0107C4C4C52C (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : CB928C52-91BB-43A6-B25F-F359F05F1388 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 25DE6951-4C91-4443-843C-805D416F4074 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs. (string)

}

1 : { »

lang : es (string)

value : Múltiples vulnerabilidades de inyección CRLF en IBM Curam Social Program Management 5.2 SP1 hasta 6.0.5.4 permiten a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de división de respuesta HTTP a través de parámetros no especificados en custom JSPs. (string)

}

]

evaluatorComment : Per: http://cwe.mitre.org/data/definitions/93.html "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')" (string)

id : CVE-2014-3012 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-06-18T16:55:07.687 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

url : http://secunia.com/advisories/59257 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21675454 (string)

}

2 : { »

source : psirt@us.ibm.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/93010 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/59257 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21675454 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/93010 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object