SB2024071841 - Multiple vulnerabilities in IBM Rational ClearCase 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024071841

SB2024071841 - Multiple vulnerabilities in IBM Rational ClearCase

Published: July 18, 2024

Security Bulletin ID SB2024071841
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) HTTP response splitting (CVE-ID: CVE-2024-24795)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences in multiple modules. A remote attacker can inject malicious response headers into backend applications and perform an HTTP desynchronization attack.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.


2) HTTP response splitting (CVE-ID: CVE-2023-38709)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences. A malicious or exploitable backend/content generators can send specially crafted response containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.


Remediation

Install update from vendor's website.

References