ID
VAR-201009-0015
CVE
CVE-2010-0155
TITLE
IBM PNMSS of load.php In CRLF Injection vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2010-002931
DESCRIPTION
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter. The Local Management Interface is a set of enhancements to the basic Frame Relay specification
Trust: 1.71
sources:
NVD: CVE-2010-0155 //
JVNDB: JVNDB-2010-002931 //
VULHUB: VHN-42760
AFFECTED PRODUCTS
| vendor: | ibm | model: | proventia network mail security system virtual appliance | scope: | - | version: | - | Trust: 1.4 |
| vendor: | ibm | model: | proventia network mail security system virtual appliance | scope: | eq | version: | 1.6 | Trust: 1.0 |
| vendor: | ibm | model: | proventia network mail security system virtual appliance | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | ibm | model: | proventia network mail security system virtual appliance | scope: | lt | version: | 2.5 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2010-002931 //
CNNVD: CNNVD-201009-115 //
NVD: CVE-2010-0155
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
VULHUB: VHN-42760 //
JVNDB: JVNDB-2010-002931 //
CNNVD: CNNVD-201009-115 //
NVD: CVE-2010-0155
PROBLEMTYPE DATA
| problemtype: | CWE-94 | Trust: 1.9 |
sources:
VULHUB: VHN-42760 //
JVNDB: JVNDB-2010-002931 //
NVD: CVE-2010-0155
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201009-115
TYPE
code injection
Trust: 0.6
sources:
CNNVD: CNNVD-201009-115
CONFIGURATIONS
sources:
JVNDB: JVNDB-2010-002931
EXPLOIT AVAILABILITY
sources:
VULHUB: VHN-42760
PATCH
| title: | Proventia Network Mail Security System | url: | http://www-935.ibm.com/services/us/en/it-services/proventia-network-mail-security-system.html | Trust: 0.8 |
sources:
JVNDB: JVNDB-2010-002931
EXTERNAL IDS
| db: | NVD | id: | CVE-2010-0155 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2010-002931 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201009-115 | Trust: 0.7 |
| db: | BUGTRAQ | id: | 20100912 MVSA-10-009 / CVE-2010-0155 - IBM PROVENTIA NETWORK MAIL SECURITY SYSTEM - CRLF INJECTION VULNERABILITY | Trust: 0.6 |
| db: | PACKETSTORM | id: | 93819 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-42760 | Trust: 0.1 |
sources:
VULHUB: VHN-42760 //
JVNDB: JVNDB-2010-002931 //
CNNVD: CNNVD-201009-115 //
NVD: CVE-2010-0155
REFERENCES
| url: | http://www.ventuneac.net/security-advisories/mvsa-10-009 | Trust: 1.7 |
| url: | http://www.securityfocus.com/archive/1/513636/100/0/threaded | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0155 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0155 | Trust: 0.8 |
| url: | http://www.securityfocus.com/archive/1/archive/1/513636/100/0/threaded | Trust: 0.6 |
sources:
VULHUB: VHN-42760 //
JVNDB: JVNDB-2010-002931 //
CNNVD: CNNVD-201009-115 //
NVD: CVE-2010-0155
SOURCES
| db: | VULHUB | id: | VHN-42760 |
| db: | JVNDB | id: | JVNDB-2010-002931 |
| db: | CNNVD | id: | CNNVD-201009-115 |
| db: | NVD | id: | CVE-2010-0155 |
LAST UPDATE DATE
2025-04-11T22:54:11.521000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-42760 | date: | 2018-10-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2010-002931 | date: | 2012-03-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201009-115 | date: | 2010-09-16T00:00:00 |
| db: | NVD | id: | CVE-2010-0155 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-42760 | date: | 2010-09-14T00:00:00 |
| db: | JVNDB | id: | JVNDB-2010-002931 | date: | 2012-03-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201009-115 | date: | 2010-09-16T00:00:00 |
| db: | NVD | id: | CVE-2010-0155 | date: | 2010-09-14T17:00:01.480 |