Lucene search

[email protected]CVE-2008-4283

HistoryFeb 10, 2009 - 10:30 p.m.

CVE-2008-4283

2009-02-1022:30:00

CWE-20

[email protected]

web.nvd.nist.gov

ibm

was

crlf injection

vulnerability

http headers

http response splitting

nvd

6.9 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

79.1%

JSON

CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected configurations

NVD

Node

ibmwebsphere_application_serverRange≤5.1.1.19

ibmwebsphere_application_serverMatch5.0

ibmwebsphere_application_serverMatch5.0z_os

ibmwebsphere_application_serverMatch5.0.0

ibmwebsphere_application_serverMatch5.0.1

ibmwebsphere_application_serverMatch5.0.2

ibmwebsphere_application_serverMatch5.0.2.1

ibmwebsphere_application_serverMatch5.0.2.2

ibmwebsphere_application_serverMatch5.0.2.3

ibmwebsphere_application_serverMatch5.0.2.4

ibmwebsphere_application_serverMatch5.0.2.5

ibmwebsphere_application_serverMatch5.0.2.6

ibmwebsphere_application_serverMatch5.0.2.7

ibmwebsphere_application_serverMatch5.0.2.8

ibmwebsphere_application_serverMatch5.0.2.9

ibmwebsphere_application_serverMatch5.0.2.10

ibmwebsphere_application_serverMatch5.0.2.11

ibmwebsphere_application_serverMatch5.0.2.12

ibmwebsphere_application_serverMatch5.0.2.13

ibmwebsphere_application_serverMatch5.0.2.14

ibmwebsphere_application_serverMatch5.0.2.15

ibmwebsphere_application_serverMatch5.0.2.16

ibmwebsphere_application_serverMatch5.1.0

ibmwebsphere_application_serverMatch5.1.0.2

ibmwebsphere_application_serverMatch5.1.0.3

ibmwebsphere_application_serverMatch5.1.0.4

ibmwebsphere_application_serverMatch5.1.0.5

ibmwebsphere_application_serverMatch5.1.1

ibmwebsphere_application_serverMatch5.1.1.1

ibmwebsphere_application_serverMatch5.1.1.2

ibmwebsphere_application_serverMatch5.1.1.3

ibmwebsphere_application_serverMatch5.1.1.4

ibmwebsphere_application_serverMatch5.1.1.5

ibmwebsphere_application_serverMatch5.1.1.6

ibmwebsphere_application_serverMatch5.1.1.7

ibmwebsphere_application_serverMatch5.1.1.8

ibmwebsphere_application_serverMatch5.1.1.9

ibmwebsphere_application_serverMatch5.1.1.10

ibmwebsphere_application_serverMatch5.1.1.11

ibmwebsphere_application_serverMatch5.1.1.12

ibmwebsphere_application_serverMatch5.1.1.13

ibmwebsphere_application_serverMatch5.1.1.14

ibmwebsphere_application_serverMatch5.1.1.15

ibmwebsphere_application_serverMatch5.1.1.16

ibmwebsphere_application_serverMatch5.1.1.17

ibmwebsphere_application_serverMatch5.1.1.18

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application serverle5.1.1.19
ibm:websphere_application_serveribm websphere application servereq5.0
ibm:websphere_application_serveribm websphere application servereq5.0.0
ibm:websphere_application_serveribm websphere application servereq5.0.1
ibm:websphere_application_serveribm websphere application servereq5.0.2
ibm:websphere_application_serveribm websphere application servereq5.0.2.1
ibm:websphere_application_serveribm websphere application servereq5.0.2.2
ibm:websphere_application_serveribm websphere application servereq5.0.2.3
ibm:websphere_application_serveribm websphere application servereq5.0.2.4
ibm:websphere_application_serveribm websphere application servereq5.0.2.5

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	le	5.1.1.19
ibm:websphere_application_server	ibm websphere application server	eq	5.0
ibm:websphere_application_server	ibm websphere application server	eq	5.0.0
ibm:websphere_application_server	ibm websphere application server	eq	5.0.1
ibm:websphere_application_server	ibm websphere application server	eq	5.0.2
ibm:websphere_application_server	ibm websphere application server	eq	5.0.2.1
ibm:websphere_application_server	ibm websphere application server	eq	5.0.2.2
ibm:websphere_application_server	ibm websphere application server	eq	5.0.2.3
ibm:websphere_application_server	ibm websphere application server	eq	5.0.2.4
ibm:websphere_application_server	ibm websphere application server	eq	5.0.2.5

Rows per page:

1-10 of 451

References

www-1.ibm.com/support/docview.wss?uid=isg1SE35864

www-1.ibm.com/support/docview.wss?uid=swg1PK69929

www.securityfocus.com/bid/33700

exchange.xforce.ibmcloud.com/vulnerabilities/47199

6.9 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

79.1%

JSON

Related for CVE-2008-4283

nvd1 prion1 cvelist1