CVE-2015-2028

3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 52.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Extreme Scale

Timeline

PublishedOct 4

Latest updateMay 17

Description

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_extreme_scale7.1.0, 7.1.0.2, 7.1.1+2

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-wqw8-8hj5-2fxj: CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7↗2022-05-17

▶

CVEList

CVE-2015-2028: CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7↗2015-10-04

▶