CVE-2016-0359 — CRLF Injection in IBM WebSphere Application Server
Severity
6.1 MEDIUM (NVD)
EPSS
0.3%
top 45.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 3
Latest update: May 17
Description
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7
Affected Packages: 1 package