CVE-2016-0400

Name of the Vulnerable Software and Affected Versions IBM WebSphere eXtreme Scale versions 7.1.0 through 7.1.0.2 IBM WebSphere eXtreme Scale versions 7.1.1 through 7.1.1.0 IBM WebSphere eXtreme Scale versions 8.5.0 through 8.5.0.2 IBM WebSphere eXtreme Scale versions 8.6.0 through 8.6.0.7

Description A CRLF injection issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

Recommendations For IBM WebSphere eXtreme Scale versions 7.1.0 through 7.1.0.2, update to version 7.1.0.3 or later. For IBM WebSphere eXtreme Scale versions 7.1.1 through 7.1.1.0, update to version 7.1.1.1 or later. For IBM WebSphere eXtreme Scale versions 8.5.0 through 8.5.0.2, update to version 8.5.0.3 or later. For IBM WebSphere eXtreme Scale versions 8.6.0 through 8.6.0.7, update to version 8.6.0.8 or later.