Lucene search
HistoryMar 22, 2007 - 11:19 p.m.
CVE-2007-1608
cve
2007
1608
crlf injection
vulnerability
ibm
websphere
application server
http headers
response splitting
attacks
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
High
0.023 Low
EPSS
Percentile
89.9%
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.
Affected configurations
Node
ibmwebsphere_application_serverRange≤6.0.2.15
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm:websphere_application_server | ibm websphere application server | le | 6.0.2.15 |
Related
cvelist
cvelist
CVE-2007-1608
2007-03-22 23:00:00
nvd
nvd
CVE-2007-1608
2007-03-22 23:19:00
nessus
nessus
IBM WebSphere Application Server 6.0 < 6.0.2.19 HTTP Response Splitting
2010-04-05 00:00:00
prion
prion
Crlf injection
2007-03-22 23:19:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
High
0.023 Low
EPSS
Percentile
89.9%
Related for CVE-2007-1608