CVE-2017-1503

medium

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/129578

http://www.securitytracker.com/id/1039521

http://www.securityfocus.com/bid/101234

http://www-01.ibm.com/support/docview.wss?uid=swg22006815

Details

Source: Mitre, NVD

Published: 2017-10-10

Updated: 2017-11-05

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium