CVE-2017-1503Cross-site Scripting in IBM Websphere Application Server

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 48.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Websphere Application ServerIBM Websphere Application Server
Timeline
PublishedOct 10
Latest updateMay 17

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/ibm_websphere_application_server7.0, 8.0, 8.5, 9.0

🔴Vulnerability Details

2
GHSA
GHSA-xc66-8wc2-287h: IBM WebSphere Application Server 72022-05-17
CVEList
CVE-2017-1503: IBM WebSphere Application Server 72017-10-10
CVE-2017-1503 — Cross-site Scripting in IBM | cvebase