CRLF Injection Vulnerability in IBM WebSphere eXtreme Scale
CVE-2015-2028

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
4 October 2015

Summary

A CRLF injection vulnerability exists in IBM WebSphere eXtreme Scale versions prior to 7.1.0.3 and 7.1.1.1. This flaw allows remote attackers to craft malicious URLs that can inject arbitrary HTTP headers. This can lead to HTTP response splitting attacks, where the attacker can manipulate the responses sent to users, potentially leading to session fixation, cache poisoning, or other malicious actions. Organizations using affected versions should update to secure releases to mitigate the risks associated with this vulnerability.

Timeline

  • Vulnerability published

  • Vulnerability reserved