6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server, that is used by IBM Tivoli Netcool Configuration Manager (ITNCM). These issues were disclosed as part of the Security Bulletin: HTTP Response Splitting in WebSphere Application Server (CVE-2016-0359).
CVEID: CVE-2016-0359**
DESCRIPTION:** IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111929 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
This vulnerability affects the following versions and releases of IBM WebSphere Application Server
· Version 8.5.5 Full Profile and Liberty
· Version 8.5 Full Profile and Liberty
· Version 8.0
· Version 7.0
Included in the following releases:
ITNCM 6.3.0.6 and earlier
ITNCM 6.4.1.4 and earlier
ITNCM 6.4.2.2 and earlier
<Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
ITNCM| 6.4.2.2| none| Install _Websphere 8.0.0.13 (24 Oct 2016) _
ITNCM| 6.4.1.4| none| _Install __6.4.1.4-TIV-ITNCM-IF002 __ _
_Which includes eWAS interim fix PI58918 _
ITNCM| 6.3.0.6| none| _Install _6.3.0.6-TIV-ITNCM-IF006
_Which includes eWAS interim fix PI58918 _
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N