Lucene search
HistoryJun 29, 2015 - 10:59 a.m.
CVE-2015-0196
cve-2015-0196
crlf injection
ibm websphere commerce
security vulnerability
http response splitting
nvd
6.9 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
61.2%
CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
Affected configurations
Node
ibmwebsphere_commerceMatch6.0.0.1
ORibmwebsphere_commerceMatch6.0.0.2
ORibmwebsphere_commerceMatch6.0.0.3
ORibmwebsphere_commerceMatch6.0.0.4
ORibmwebsphere_commerceMatch6.0.0.5
ORibmwebsphere_commerceMatch6.0.0.6
ORibmwebsphere_commerceMatch6.0.0.7
ORibmwebsphere_commerceMatch6.0.0.8
ORibmwebsphere_commerceMatch6.0.0.9
ORibmwebsphere_commerceMatch6.0.0.10
ORibmwebsphere_commerceMatch6.0.0.11
ORibmwebsphere_commerceMatch7.0
ORibmwebsphere_commerceMatch7.0.0.1
ORibmwebsphere_commerceMatch7.0.0.2
ORibmwebsphere_commerceMatch7.0.0.3
ORibmwebsphere_commerceMatch7.0.0.4
ORibmwebsphere_commerceMatch7.0.0.5
ORibmwebsphere_commerceMatch7.0.0.6
ORibmwebsphere_commerceMatch7.0.0.7
ORibmwebsphere_commerceMatch7.0.0.8
Related
cvelist
cvelist
CVE-2015-0196
2015-06-29 10:00:00
nvd
nvd
CVE-2015-0196
2015-06-29 10:59:00
prion
prion
Crlf injection
2015-06-29 10:59:00
6.9 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
61.2%
Related for CVE-2015-0196