Описание
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.7:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03486
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
EPSS
Процентиль: 87%
0.03486
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other