PT-2017-6364 · IBM · IBM Flex System EN6131 40Gb Ethernet +1

Published: 2017-08-25 · Updated: 2017-08-30 · CVE-2014-9564

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware versions prior to 3.4.1110

Description

The issue allows remote attackers to inject arbitrary HTTP headers, which can lead to HTTP response splitting attacks. This can result in web cache poisoning or cross-site scripting (XSS) attacks, or allow attackers to obtain sensitive information via multiple unspecified parameters.

Recommendations

For versions prior to 3.4.1110, update the firmware to version 3.4.1110 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP endpoints to minimize the risk of exploitation. Avoid using unspecified parameters in the affected HTTP requests until the issue is resolved.

Related Identifiers

CVE-2014-9564

Affected Products

IB6131 40Gb Infiniband Switch
IBM Flex System EN6131 40Gb Ethernet