Lucene search

K
ibmIBM5C2E76B3340C1257E617B1A8C2B81E3D61502A63D64429D65F39305F7C46E938
HistoryJun 15, 2018 - 7:04 a.m.

Security Bulletin: HTTP response splitting attack in IBM Application Server on Cloud (CVE-2015-2017)

2018-06-1507:04:24
www.ibm.com
2

0.002 Low

EPSS

Percentile

58.7%

Summary

There is a vulnerability in IBM Application Server on Cloud that could allow an HTTP response splitting attack in Channel.

Vulnerability Details

CVEID: CVE-2015-2017**
DESCRIPTION:** The IBM WebSphere Application is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103991 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

The following Versions of IBM Application Server on Cloud may be affected:

  • Version 8.5.5 WAS Liberty Core, WAS Base and WAS ND
  • Version 8.0

Remediation/Fixes

To patch an existing instance refer to the IBM WebSphere Application Server bulletin:
Security Bulletin: HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)

Alternatively, delete the vulnerable instance and create a new instance. The new maintenance will be included.

0.002 Low

EPSS

Percentile

58.7%

Related for 5C2E76B3340C1257E617B1A8C2B81E3D61502A63D64429D65F39305F7C46E938