CRLF Injection Vulnerability in IBM WebSphere eXtreme Scale
CVE-2015-2028

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Extreme Scale
Vendor: CVE Published:; 4 October 2015

Summary

A CRLF injection vulnerability exists in IBM WebSphere eXtreme Scale versions prior to 7.1.0.3 and 7.1.1.1. This flaw allows remote attackers to craft malicious URLs that can inject arbitrary HTTP headers. This can lead to HTTP response splitting attacks, where the attacker can manipulate the responses sent to users, potentially leading to session fixation, cache poisoning, or other malicious actions. Organizations using affected versions should update to secure releases to mitigate the risks associated with this vulnerability.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21966044

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Oct 4, 2015
Vulnerability Reserved
Feb 19, 2015