CVE-2010-0155

Name of the Vulnerable Software and Affected Versions IBM Proventia Network Mail Security System (PNMSS) appliance versions prior to 2.5

Description The issue concerns a CRLF injection vulnerability in the load.php file of the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance. This vulnerability allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter.

Recommendations For versions prior to 2.5, update the firmware to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the load.php file in the LMI to minimize the risk of exploitation. Avoid using the javaVersion parameter in the affected interface until the issue is resolved.