CVE-2015-2017

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 6.1 through 6.1.0.47 IBM WebSphere Application Server versions 7.0 through 7.0.0.38 IBM WebSphere Application Server versions 8.0 through 8.0.0.11 IBM WebSphere Application Server versions 8.5 through 8.5.5.7

Description The issue is related to a CRLF injection vulnerability that allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. This is due to the server's failure to properly handle CRLF sequences in HTTP headers. An attacker can exploit this vulnerability to inject arbitrary HTTP headers using a specially crafted URL.

Recommendations For IBM WebSphere Application Server versions 6.1 through 6.1.0.47, update to version 6.1.0.47 or later. For IBM WebSphere Application Server versions 7.0 through 7.0.0.38, update to version 7.0.0.39 or later. For IBM WebSphere Application Server versions 8.0 through 8.0.0.11, update to version 8.0.0.12 or later. For IBM WebSphere Application Server versions 8.5 through 8.5.5.7, update to version 8.5.5.8 or later.