4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
There is a vulnerability in IBM WebSphere Application Server that could allow an HTTP response splitting attack in Channel. IBM MQ Light has addressed the CVE.
CVEID: CVE-2015-2017**
DESCRIPTION:** The IBM WebSphere Portal is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability by using a specially-crafted URL to cause the server to return a split response, after the URL is clicked. This would allow the attacker to perform further attacks, such as web cache poisoning, or cross-site scripting, and possibly to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103991 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
IBM MQ Light V1.0 and V1.0.1 on all platforms.
Upgrade to the latest version of IBM MQ Light.
The following link describes how to re-use the data from an existing installation using an upgraded installation:_
_http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm
None.
CPE | Name | Operator | Version |
---|---|---|---|
ibm mq light | eq | 1.0 |