CVE-2013-3998: Code Injection
First published: Wed Mar 26 2014(Updated: )
CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM InfoSphere BigInsights | =1.1.0.0 | |
| IBM InfoSphere BigInsights | =1.1.0.1 | |
| IBM InfoSphere BigInsights | =1.1.0.2 | |
| IBM InfoSphere BigInsights | =1.2.0.0 | |
| IBM InfoSphere BigInsights | =1.3.0.0 | |
| IBM InfoSphere BigInsights | =1.3.0.1 | |
| IBM InfoSphere BigInsights | =1.4.0.0 | |
| IBM InfoSphere BigInsights | =2.0.0.0 | |
| IBM InfoSphere BigInsights | =2.1.0.0 | |
| IBM InfoSphere BigInsights | =2.1.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3998?
CVE-2013-3998 has a moderate severity level as it allows HTTP response splitting attacks.
How do I fix CVE-2013-3998?
To fix CVE-2013-3998, update IBM InfoSphere BigInsights to version 2.1 FP2 or later.
Who is affected by CVE-2013-3998?
Authenticated users of IBM InfoSphere BigInsights versions prior to 2.1 FP2 are affected by CVE-2013-3998.
What types of attacks can CVE-2013-3998 lead to?
CVE-2013-3998 can lead to HTTP response splitting attacks, which may allow the injection of arbitrary HTTP headers.
What versions of IBM InfoSphere BigInsights are vulnerable to CVE-2013-3998?
IBM InfoSphere BigInsights versions 1.1, 1.2, 1.3, and 2.0 are vulnerable to CVE-2013-3998.
- collector/nvd-index
- vendor/ibm
- product/infosphere biginsights
- canonical/ibm infosphere biginsights