ID

VAR-201708-0357


CVE

CVE-2014-9564


TITLE

CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband switch firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-008345

DESCRIPTION

CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. A CRLF injection vulnerability exists in the IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband switch firmware. Information may be obtained and information may be altered. IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switches are products of IBM Corporation of the United States. The former is an Ethernet adapter product; the latter is a switch product.

Trust: 2.52

sources: NVD: CVE-2014-9564 // JVNDB: JVNDB-2014-008345 // CNVD: CNVD-2015-03677 // BID: 74931 // VULHUB: VHN-77509

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03677

AFFECTED PRODUCTS

vendor: ibm, model: ib6131, scope: eq, version: -

Trust: 1.6

vendor: ibm, model: en6131, scope: eq, version: -

Trust: 1.6

vendor: ibm, model: flex system en6131 40gb ethernet switch, scope: lt, version: 3.4.1110

Trust: 0.8

vendor: ibm, model: flex system ib6131 40gb infiniband switch, scope: lt, version: 3.4.1110

Trust: 0.8

vendor: ibm, model: flex system ib6131 40gb infiniband, scope: lte, version: <=3.4.0000

Trust: 0.6

vendor: ibm, model: flex system en6131 40gb ethernet, scope: lte, version: <=3.4.0000

Trust: 0.6

vendor: ibm, model: flex system ib6131 40gb infiniband switch, scope: eq, version: 3.4

Trust: 0.3

vendor: ibm, model: flex system en6131 40gb ethernet switch, scope: eq, version: 3.4

Trust: 0.3

vendor: ibm, model: flex system ib6131 40gb infiniband switch, scope: ne, version: 3.4.1110

Trust: 0.3

vendor: ibm, model: flex system en6131 40gb ethernet switch, scope: ne, version: 3.4.1110

Trust: 0.3

sources: CNVD: CNVD-2015-03677 // BID: 74931 // JVNDB: JVNDB-2014-008345 // CNNVD: CNNVD-201506-084 // NVD: CVE-2014-9564

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9564
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-9564
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-03677
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-084
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77509
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9564
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03677
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-77509
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-9564
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-03677 // VULHUB: VHN-77509 // JVNDB: JVNDB-2014-008345 // CNNVD: CNNVD-201506-084 // NVD: CVE-2014-9564

PROBLEMTYPE DATA

problemtype: CWE-93

Trust: 1.9

sources: VULHUB: VHN-77509 // JVNDB: JVNDB-2014-008345 // NVD: CVE-2014-9564

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-084

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201506-084

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008345

PATCH

title: MIGR-5098173
url: https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173

Trust: 0.8

title: Patches for HTTP response splitting vulnerabilities in several IBM Flex System products
url: https://www.cnvd.org.cn/patchInfo/show/59407

Trust: 0.6

sources: CNVD: CNVD-2015-03677 // JVNDB: JVNDB-2014-008345

EXTERNAL IDS

db: NVD, id: CVE-2014-9564

Trust: 3.4

db: BID, id: 74931

Trust: 2.6

db: JVNDB, id: JVNDB-2014-008345

Trust: 0.8

db: CNNVD, id: CNNVD-201506-084

Trust: 0.7

db: CNVD, id: CNVD-2015-03677

Trust: 0.6

db: VULHUB, id: VHN-77509

Trust: 0.1

sources: CNVD: CNVD-2015-03677 // VULHUB: VHN-77509 // BID: 74931 // JVNDB: JVNDB-2014-008345 // CNNVD: CNNVD-201506-084 // NVD: CVE-2014-9564

REFERENCES

url: http://www.securityfocus.com/bid/74931

Trust: 2.3

url: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5098173

Trust: 1.7

url: https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098173

Trust: 0.9

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9564

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2014-9564

Trust: 0.8

url: http://www-03.ibm.com/systems/pureflex/flex_overview.html

Trust: 0.3

sources: CNVD: CNVD-2015-03677 // VULHUB: VHN-77509 // BID: 74931 // JVNDB: JVNDB-2014-008345 // CNNVD: CNNVD-201506-084 // NVD: CVE-2014-9564

CREDITS

IBM

Trust: 0.9

sources: BID: 74931 // CNNVD: CNNVD-201506-084

SOURCES

db: CNVD, id: CNVD-2015-03677
db: VULHUB, id: VHN-77509
db: BID, id: 74931
db: JVNDB, id: JVNDB-2014-008345
db: CNNVD, id: CNNVD-201506-084
db: NVD, id: CVE-2014-9564

LAST UPDATE DATE

2025-04-20T23:40:02.690000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-03677, date: 2015-06-10T00:00:00
db: VULHUB, id: VHN-77509, date: 2017-08-30T00:00:00
db: BID, id: 74931, date: 2015-05-28T00:00:00
db: JVNDB, id: JVNDB-2014-008345, date: 2017-09-19T00:00:00
db: CNNVD, id: CNNVD-201506-084, date: 2017-08-28T00:00:00
db: NVD, id: CVE-2014-9564, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-03677, date: 2015-06-10T00:00:00
db: VULHUB, id: VHN-77509, date: 2017-08-25T00:00:00
db: BID, id: 74931, date: 2015-05-28T00:00:00
db: JVNDB, id: JVNDB-2014-008345, date: 2017-09-19T00:00:00
db: CNNVD, id: CNNVD-201506-084, date: 2015-05-28T00:00:00
db: NVD, id: CVE-2014-9564, date: 2017-08-25T18:29:00.420