CVE-2018-1549

MEDIUM Year: 2018
CVSS v3 Score
5.4
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658.

Related Vulnerabilities

CVE-2013-4318

MEDIUM
CVSS:5.4(Medium)

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.

CWE-742013

CVE-2016-5013

MEDIUM
CVSS:5.4(Medium)

In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.

CWE-742016

CVE-2017-1115

MEDIUM
CVSS:5.4(Medium)

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the securit...

CWE-742017

CVE-2017-1202

MEDIUM
CVSS:5.4(Medium)

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's ...

CWE-742017

CVE-2018-1896

MEDIUM
CVSS:5.4(Medium)

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

CWE-742018

CVE-2018-1943

MEDIUM
CVSS:5.4(Medium)

IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker c...

CWE-742018