Описание
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.
Ссылки
- VDB Entry
- PatchVendor Advisory
- VDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.1 Medium
CVSS3
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.
EPSS
6.1 Medium
CVSS3
6.1 Medium
CVSS3
5.8 Medium
CVSS2