Security Bulletin: HTTP Response Splitting in Liberty affects IBM MessageSight (CVE-2016-0359)

2018-06-17 15:29:09
www.ibm.com

6.1 Medium (CVSS3)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium (CVSS2)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

Summary

There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty is used by IBM MessageSight. IBM MessageSight has addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2016-0359
DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as web cache poisoning and cross-site scripting, and possibly obtain sensitive information.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111929> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
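The mechanism behind this class of bug, and the two controls a defender wants, as an added example that is not code from the IBM bulletin or from Liberty: a header-value check that refuses CR/LF before a URL-derived value reaches a response header, a count of status lines showing why an unchecked value splits the response, and a scan of access-log lines for percent-encoded CR/LF in request paths. The function names, the redirect format and the log lines are constructed for this illustration.

```python
# Added example, not code from the IBM bulletin or from Liberty: the check a server
# must apply before a URL-derived value goes into a response header, and a log scan
# that flags request paths carrying encoded CR/LF. Names and log lines are constructed.
import re
from urllib.parse import unquote

CRLF = "\r\n"
CONTROL = re.compile(r"[\r\n\x00]")      # bytes that can end a header line
ENCODED_CRLF = re.compile(r"%0[dDaA]")   # CR/LF as they appear percent-encoded in a URL

def safe_header_value(value: str) -> str:
    """Return value unchanged, or raise if it could terminate the header block.
    Without this check, a CR/LF inside the value ends the current header line and
    everything after it is parsed as further headers or as a second response."""
    if CONTROL.search(value):
        raise ValueError("control characters are not allowed in a header value")
    return value

def build_redirect(target: str, validate: bool = True) -> str:
    """Build a 302 whose Location header comes from an already-decoded URL parameter."""
    value = safe_header_value(target) if validate else target
    return f"HTTP/1.1 302 Found{CRLF}Location: {value}{CRLF}Content-Length: 0{CRLF}{CRLF}"

def status_line_count(raw: str) -> int:
    """Count status lines the way a downstream proxy or cache would see them."""
    return sum(1 for line in raw.split(CRLF) if line.startswith("HTTP/1.1 "))

def flag_crlf_requests(log_lines):
    """Return request paths from access-log lines whose URL carries %0d or %0a."""
    flagged = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if m and ENCODED_CRLF.search(m.group(1)):
            flagged.append(m.group(1))
    return flagged

# Constructed sample access-log lines; the second carries an encoded CRLF.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Jun/2018:15:29:09 +0000] "GET /app?next=/home HTTP/1.1" 302 0',
    '10.0.0.9 - - [17/Jun/2018:15:30:01 +0000] "GET /app?next=/home%0d%0aX-Test:%201 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    injected = unquote("/home%0d%0a%0d%0aHTTP/1.1 200 OK")
    print(status_line_count(build_redirect(injected, validate=False)))  # 2: the header block was split
    print(status_line_count(build_redirect("/home")))                   # 1
    print(flag_crlf_requests(SAMPLE_LOG))                               # ['/app?next=/home%0d%0aX-Test:%201']
```

The fixed Liberty builds listed below apply the equivalent of `safe_header_value` inside the server; the log scan is what lets you see whether anyone probed for the bug before the fix was installed.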

Affected Products and Versions

IBM MessageSight V1.1 - 1.1.0.1, IBM MessageSight V1.2 - 1.2.0.3, IBM MessageSight V2.0

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM MessageSight | 1.1 | IT17110 | 1.1.0.1-IBM-IMA-IFIT17110
IBM MessageSight | 1.2 | IT17109 | 1.2.0.3-IBM-IMA-IFIT17109
IBM MessageSight | 2.0 | IT17111 | 2.0.0-IBM-IMA-FP0001

Workarounds and Mitigations

None
