IBM WebSphere Commerce HTTP Response Splitting Vulnerability


Description   A vulnerability was reported in IBM WebSphere Commerce.
A remote attacker can exploit it by using a specially crafted URL in order to inject a malicious response to future requests.
No further information is available.
     
Vulnerable Products   Vulnerable Software:
WebSphere Commerce Express (IBM) - 6.0, 6.0.0.0, 6.0.0.1, 6.0.0.10, 6.0.0.11, ..., 7.0.0.4, 7.0.0.5, 7.0.0.6, 7.0.0.7, 7.0.0.8WebSphere Commerce Suite (IBM) - 6.0, 6.0.0.0, 6.0.0.1, 6.0.0.10, 6.0.0.11, ..., 7.0.0.4, 7.0.0.5, 7.0.0.6, 7.0.0.7, 7.0.0.8WebSphere Commerce Suite Pro (IBM) - 6.0, 6.0.0.1, 6.0.0.10, 6.0.0.11, 6.0.0.2, ..., 7.0.0.4, 7.0.0.5, 7.0.0.6, 7.0.0.7, 7.0.0.8
     
Solution   IBM has released the following fixes in order to resolve this vulnerability:- 6.0.0.0 - 6.0.0.10: upgrade to Fix Pack 11 and install APAR JR51324- 6.0.0.11: install APAR JR51324- 7.0.0.0 - 7.0.0.5: upgrade to Fix Pack 6 and install APAR JR51324- 7.0.0.6 - 7.0.0.7: install APAR JR51324- 7.0.0.8: install APAR JR52306.
     
CVE   CVE-2015-0196
     
References   - IBM : WebSphere Commerce is vulnerable to a HTTP Response Splitting attack (CVE-2015-0196)
https://www-304.ibm.com/support/docview.wss?uid=swg21960181
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
HTTP Request Smuggling : HTTP command found in header
3.2.0
HTTP Response Splitting : suspicious Content-Length in URL
3.2.0
HTTP Response Splitting : suspicious HTTP/1.x in URL
3.2.0
HTTP Request Smuggling : Content-Length and Transfer-Encoding: chunked fields in header
3.2.0
HTTP Response Splitting : suspicious Set-Cookie in URL
3.2.0
HTTP Request Smuggling : suspicious syntax using HTTP keyword
3.2.0
HTTP Request Smuggling : multiple Content-Length fields
3.2.0
HTTP Response Splitting : suspicious Content-Type in URL
3.5.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2015-06-19 

 Target Type 
Client 

 Possible exploit 
Remote