There is a vulnerability in IBM Application Server on Cloud that could allow an HTTP response splitting attack in Channel.
CVEID: CVE-2015-2017
DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning and cross-site scripting, and possibly obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103991 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
The following versions of IBM Application Server on Cloud may be affected:
To patch an existing instance refer to the IBM WebSphere Application Server bulletin:
Security Bulletin: HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)
Alternatively, delete the vulnerable instance and create a new instance. The new maintenance will be included.