CVE-2016-0359

medium

Description

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

References

http://www.securitytracker.com/id/1036184

http://www.securityfocus.com/bid/91484

http://www-01.ibm.com/support/docview.wss?uid=swg21982526

http://www-01.ibm.com/support/docview.wss?uid=swg1PI58918

Details

Source: Mitre, NVD

Published: 2016-07-03

Updated: 2017-09-01

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium