CRLF Injection Vulnerability in IBM WebSphere eXtreme Scale
CVE-2015-2028
Currently unrated
Summary
A CRLF injection vulnerability exists in IBM WebSphere eXtreme Scale versions prior to 7.1.0.3 and 7.1.1.1. This flaw allows remote attackers to craft malicious URLs that can inject arbitrary HTTP headers. This can lead to HTTP response splitting attacks, where the attacker can manipulate the responses sent to users, potentially leading to session fixation, cache poisoning, or other malicious actions. Organizations using affected versions should update to secure releases to mitigate the risks associated with this vulnerability.