CVE-2008-4283Improper Input Validation in IBM Websphere Application Server

CWE-20Improper Input Validation3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
0.5%
top 34.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedFeb 10
Latest updateMay 2

Description

CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-qm5c-g9c9-4q4v: CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 52022-05-02
CVEList
CVE-2008-4283: CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 52009-02-10
CVE-2008-4283 — Improper Input Validation in IBM | cvebase