CVE-2016-0359
Description
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.312
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update websphere_application_server 8.5.5.9 to latest version | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1.0 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234