CVE-2012-3333: CRLF Injection
First published: Mon May 26 2014(Updated: )
CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Control Desk | =7.0 | |
| IBM Control Desk | =7.5 | |
| IBM Control Desk | =7.5.0.0 | |
| IBM Control Desk | =7.5.0.1 | |
| IBM Control Desk | =7.5.0.2 | |
| IBM Control Desk | =7.5.1.0 | |
| IBM Control Desk | =7.5.1.1 | |
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =7.1.1 | |
| IBM Maximo Asset Management | =7.1.1.1 | |
| IBM Maximo Asset Management | =7.1.1.2 | |
| IBM Maximo Asset Management | =7.1.1.5 | |
| IBM Maximo Asset Management | =7.1.1.6 | |
| IBM Maximo Asset Management | =7.1.1.7 | |
| IBM Maximo Asset Management | =7.1.1.8 | |
| IBM Maximo Asset Management | =7.1.1.9 | |
| IBM Maximo Asset Management | =7.1.1.10 | |
| IBM Maximo Asset Management | =7.1.1.11 | |
| IBM Maximo Asset Management | =7.1.1.12 | |
| IBM Maximo Asset Management | =7.1.2 | |
| IBM Maximo Asset Management | =7.5.0.0 | |
| IBM Maximo Asset Management | =7.5.0.1 | |
| IBM Maximo Asset Management | =7.5.0.2 | |
| IBM Maximo Asset Management | =7.5.0.3 | |
| IBM Maximo Asset Management | =7.5.0.4 | |
| IBM Maximo Asset Management | =7.5.0.5 | |
| =7.0 | ||
| =7.5 | ||
| =7.5.0.0 | ||
| =7.5.0.1 | ||
| =7.5.0.2 | ||
| =7.5.1.0 | ||
| =7.5.1.1 | ||
| =7.1 | ||
| =7.1.1 | ||
| =7.1.1.1 | ||
| =7.1.1.2 | ||
| =7.1.1.5 | ||
| =7.1.1.6 | ||
| =7.1.1.7 | ||
| =7.1.1.8 | ||
| =7.1.1.9 | ||
| =7.1.1.10 | ||
| =7.1.1.11 | ||
| =7.1.1.12 | ||
| =7.1.2 | ||
| =7.5.0.0 | ||
| =7.5.0.1 | ||
| =7.5.0.2 | ||
| =7.5.0.3 | ||
| =7.5.0.4 | ||
| =7.5.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-3333?
CVE-2012-3333 has been classified with a medium severity level due to the potential for HTTP response splitting attacks.
How do I fix CVE-2012-3333?
To fix CVE-2012-3333, users should upgrade IBM Maximo Asset Management or IBM SmartCloud Control Desk to the latest version that addresses this vulnerability.
What are the affected versions of CVE-2012-3333?
CVE-2012-3333 affects IBM Maximo Asset Management versions 7.x before 7.5.0.6 and IBM SmartCloud Control Desk versions 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2.
What might happen if CVE-2012-3333 is exploited?
If CVE-2012-3333 is exploited, an attacker can inject arbitrary HTTP headers leading to various attacks, including spoofing and cache poisoning.
Who is responsible for addressing CVE-2012-3333?
It is the responsibility of the users and administrators of affected IBM products to implement the recommended patches and upgrades for CVE-2012-3333.
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/ibm
- canonical/ibm control desk
- version/ibm control desk/7.0
- version/ibm control desk/7.5
- version/ibm control desk/7.5.0.0
- version/ibm control desk/7.5.0.1
- version/ibm control desk/7.5.0.2
- version/ibm control desk/7.5.1.0
- version/ibm control desk/7.5.1.1
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/7.1.1
- version/ibm maximo asset management/7.1.1.1
- version/ibm maximo asset management/7.1.1.2
- version/ibm maximo asset management/7.1.1.5
- version/ibm maximo asset management/7.1.1.6
- version/ibm maximo asset management/7.1.1.7
- version/ibm maximo asset management/7.1.1.8
- version/ibm maximo asset management/7.1.1.9
- version/ibm maximo asset management/7.1.1.10
- version/ibm maximo asset management/7.1.1.11
- version/ibm maximo asset management/7.1.1.12
- version/ibm maximo asset management/7.1.2
- version/ibm maximo asset management/7.5.0.0
- version/ibm maximo asset management/7.5.0.1
- version/ibm maximo asset management/7.5.0.2
- version/ibm maximo asset management/7.5.0.3
- version/ibm maximo asset management/7.5.0.4
- version/ibm maximo asset management/7.5.0.5