Miembros de
Boletines de Vulnerabilidades |
IBM Security Bulletin: HTTP Header Injection Vulnerability Addressed in Asset and Service Management (CVE-2014-3026) |
|
Información sobre el sistema |
|
| Software afectado | IBM |
Descripción |
|
|
Header injection in HTTP responses can allow for HTTP response splitting, Session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirects attacks via the location header in Maximo Asset Mgmt, and SmartCloud Control Desk. CVE(s): CVE-2014-3026 Affected product(s) and affected version(s): 1. Maximo Asset Management 7.5 2. Maximo Asset Management Essentials 7.5 3. Maximo for Government 7.5 4. Maximo for Nuclear Power 7.5 5. Maximo for Transportation 7.5 6. More info: https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_http_header_injection_vulnerability_addressed_in_asset_and_service_management_cve_2014_3026?lang=en_us |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2014-3026 ,CVE-2014-0114 ,CVE-2014-0889 ,CVE-2014-0224 and CVE-2014-3050. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2014-07-31 |