IBM WebSphere Application Server HTTP Response Splitting Vulnerability


Description   An HTTP response splitting vulnerability has been identified in IBM WebSphere Application Server. A remote attacker can exploit it by enticing a victim to click on a specially crafted URL in order to carry out further attacks, potentially obtaining sensitive information. This vulnerability is due to insufficient parameter validation in client HTTP requests.
     
Vulnerable Products   Vulnerable Software:
- Hardware Management Console (HMC) (IBM) - 7R7.9.0, 7R7.9.0 SP1, 7R7.9.0 SP2, 7R7.9.0 SP3, 8R8.1.0, ..., 8R8.2.0 SP1, 8R8.2.0 SP2, 8R8.3.0, 8R8.3.0 SP1, 8R8.4.0
- Security Access Manager for Web (Tivoli Access Manager for e-business) (IBM) - 8.0.0.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.1, 8.0.1.1, 8.0.1.2, 8.0.1.3, 9.0
- Security Identity Manager (Tivoli Identity Manager) (IBM) - 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3
- Tivoli Application Dependency Discovery Manager (IBM) - 7.3.0.1, 7.3.0.2
- Tivoli Monitoring (IBM) - 6.2.2, 6.2.2.1, 6.2.2.2, 6.2.2.3, 6.2.2.4, ..., 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5, 6.3.0.6
- WebSphere Application Server (IBM) - 6.1, 7.0, 8.0, 8.0.0.0, 8.0.0.1, ..., 8.5.5.3, 8.5.5.4, 8.5.5.5, 8.5.5.6, 8.5.5.7
     
Solution   - 9.0: 9.0.1.0.
     
CVE   CVE-2015-2017
     
References   - IBM Security Bulletin: HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)
http://www-01.ibm.com/support/docview.wss?uid=swg21966837
- IBM Security Bulletin: IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2015-7450, CVE-2015-2017, CVE-2015-4938, CVE-2015-1932, CVE-2015-1927)
http://www-01.ibm.com/support/docview.wss?uid=swg21971307
- IBM Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available
https://www-304.ibm.com/support/docview.wss?uid=swg21972266
- IBM Security Bulletin: Vulnerabilities in WebSphere Liberty Profile (WLP) affect Power Management Console
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021040
- IBM Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerability affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2015-2017)
https://www-304.ibm.com/support/docview.wss?uid=swg21974782
- IBM Security Bulletin: A security vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Web (CVE-2015-2017)
http://www-01.ibm.com/support/docview.wss?uid=swg21981310
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                                                     Available Since
HTTP Request Smuggling : HTTP command found in header                                3.2.0
HTTP Request Smuggling : Content-Length and Transfer-Encoding: chunked fields in header   3.2.0
HTTP Request Smuggling : suspicious syntax using HTTP keyword                        3.2.0
HTTP Request Smuggling : multiple Content-Length fields                              3.2.0
     

Risk level   Moderate

Vulnerability First Public Report Date   2015-11-02

Target Type   Server

Possible exploit   Remote