Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME7546506CC3C985484C8C09FE8AE053B1C008281C30E7302D8DAEFD8DD133EDE
HistoryJun 15, 2018 - 7:04 a.m.

Security Bulletin: IBM MQ Appliance vulnerable to HTTP response splitting attacks (CVE-2015-2017)

2018-06-1507:04:15
www.ibm.com
8

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.7%

JSON

Summary

An HTTP response splitting attack vulnerability was addressed by IBM MQ Appliance.

Vulnerability Details

CVEID: CVE-2015-2017**
DESCRIPTION:** The IBM WebSphere Portal is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, after the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, or cross-site scripting, and possibly obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103991&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N

Affected Products and Versions

IBM MQ Appliance M2000

Remediation/Fixes

Apply fix pack 8.0.0.4 or later maintenance

Related

ibm 60
cve 1
openvas 1
cvelist 1
nvd 1
nessus 2
prion 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Enterprise Service Bus (CVE-2015-2017)
2018-06-15 07:03:53
Security Bulletin: An HTTP Response splitting vulnerability in TXSeries for Multiplatfoms (CVE-2015-2017)
2018-08-03 04:23:43
Security Bulletin: A security vulnerability has been identified in IBM WebSphere® Application Server shipped with multiple IBM Rational products based on IBM's Jazz technology (CVE-2015-2017)
2021-04-28 18:35:50
cve
cve
CVE-2015-2017
2015-11-08 22:59:09
openvas
openvas
IBM Websphere Application Server CRLF Injection Vulnerability (Feb 2016)
2016-03-01 00:00:00
cvelist
cvelist
CVE-2015-2017
2015-11-08 22:00:00
nvd
nvd
CVE-2015-2017
2015-11-08 22:59:09
nessus
nessus
IBM WebSphere Application Server 6.1.0.x <= 6.1.0.47 / 7.0.0.x < 7.0.0.39 / 8.0.0.x < 8.0.0.12 / 8.5.x < 8.5.5.8 HTTP Response Splitting (CVE-2015-2017)
2020-11-03 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)
2016-10-26 00:00:00
prion
prion
Crlf injection
2015-11-08 22:59:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.7%

JSON
Related for E7546506CC3C985484C8C09FE8AE053B1C008281C30E7302D8DAEFD8DD133EDE
ibm60cve1openvas1cvelist1nvd1nessus2prion1