Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5C2E76B3340C1257E617B1A8C2B81E3D61502A63D64429D65F39305F7C46E938
HistoryJun 15, 2018 - 7:04 a.m.

Security Bulletin: HTTP response splitting attack in IBM Application Server on Cloud (CVE-2015-2017)

2018-06-1507:04:24
www.ibm.com
4

EPSS

0.002

Percentile

58.7%

JSON

Summary

There is a vulnerability in IBM Application Server on Cloud that could allow an HTTP response splitting attack in Channel.

Vulnerability Details

CVEID: CVE-2015-2017**
DESCRIPTION:** The IBM WebSphere Application is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103991 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

The following Versions of IBM Application Server on Cloud may be affected:

  • Version 8.5.5 WAS Liberty Core, WAS Base and WAS ND
  • Version 8.0

Remediation/Fixes

To patch an existing instance refer to the IBM WebSphere Application Server bulletin:
Security Bulletin: HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)

Alternatively, delete the vulnerable instance and create a new instance. The new maintenance will be included.

Related

ibm 60
prion 1
cvelist 1
nvd 1
nessus 2
cve 1
openvas 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2015-2017)
2018-06-17 15:12:40
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Netcool Impact (CVE-2015-2017)
2018-06-17 15:12:47
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2015-2017)
2018-06-15 07:03:52
prion
prion
Crlf injection
2015-11-08 22:59:00
cvelist
cvelist
CVE-2015-2017
2015-11-08 22:00:00
nvd
nvd
CVE-2015-2017
2015-11-08 22:59:09
nessus
nessus
IBM WebSphere Application Server 6.1.0.x <= 6.1.0.47 / 7.0.0.x < 7.0.0.39 / 8.0.0.x < 8.0.0.12 / 8.5.x < 8.5.5.8 HTTP Response Splitting (CVE-2015-2017)
2020-11-03 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)
2016-10-26 00:00:00
cve
cve
CVE-2015-2017
2015-11-08 22:59:09
openvas
openvas
IBM Websphere Application Server CRLF Injection Vulnerability (Feb 2016)
2016-03-01 00:00:00

EPSS

0.002

Percentile

58.7%

JSON
Related for 5C2E76B3340C1257E617B1A8C2B81E3D61502A63D64429D65F39305F7C46E938
ibm60prion1cvelist1nvd1nessus2cve1openvas1