HTTP Response Splitting Vulnerability in IBM WebSphere Application Server
CVE-2017-1503

6.1 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 10 October 2017

Summary

IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 are vulnerable to HTTP response splitting. A remote attacker can send a specially crafted URL that causes the server to return a split response. Successful exploitation can lead to further attacks, including web cache poisoning and cross-site scripting, putting sensitive information at risk. This vulnerability emphasizes the need for robust security measures to protect against such threats.

Affected Version(s)

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
