IBM8290EEEF24213A49ECB1C207A5AA3D862894ABC85451BE7BDD1EA7A30B7E67F5Security Bulletin: HTTP response splitting attack in WebSphere Application Server affects IBM MQ Light (CVE-2015-2017)
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Summary
There is a vulnerability in IBM WebSphere Application Server that could allow an HTTP response splitting attack in Channel. IBM MQ Light has addressed the CVE.
Vulnerability Details
CVEID: CVE-2015-2017**
DESCRIPTION:** The IBM WebSphere Portal is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability by using a specially-crafted URL to cause the server to return a split response, after the URL is clicked. This would allow the attacker to perform further attacks, such as web cache poisoning, or cross-site scripting, and possibly to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103991 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Affected Products and Versions
IBM MQ Light V1.0 and V1.0.1 on all platforms.
Remediation/Fixes
Upgrade to the latest version of IBM MQ Light.
The following link describes how to re-use the data from an existing installation using an upgraded installation:_
_http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm
Workarounds and Mitigations
None.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm mq light | eq | 1.0 |
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N