IBM WebSphere Application Server CRLF Injection Vulnerability


Description   A CRLF injection vulnerability has been identified in IBM WebSphere Application Server. A remote attacker could exploit it by enticing a victim into visiting a specially crafted URL: CR/LF sequences carried in the URL are not filtered before URL-derived data is written into HTTP response headers, so the attacker can terminate the intended header and inject arbitrary headers, and after a blank line an entire second response (HTTP response splitting). This allows web cache poisoning, cross-site scripting, and possibly theft of sensitive information. The vulnerability is due to missing input checks on the URL.
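The mechanism described above, shown as an added example that is not IBM's or WebSphere's code: a hypothetical redirect handler copies a URL parameter (assumed here to be called `target`) into the Location header without checking for CR/LF, a second version adds the missing check, and a naive message splitter shows that the vulnerable output is read as two responses, the second one entirely attacker-controlled. The attacker value is constructed for the illustration.

```python
"""HTTP response splitting through an unchecked redirect parameter.

Added illustration, not WebSphere code: the redirect handler, the
``target`` parameter and the message splitter are assumptions made to
show the mechanism the advisory describes.
"""
from __future__ import annotations

from urllib.parse import unquote

CRLF = "\r\n"


class HeaderInjectionError(ValueError):
    """Raised when a header value would break the header section."""


def redirect_vulnerable(target: str) -> str:
    """Copy a (container-decoded) URL parameter into Location unchecked.

    This is the defect pattern: CR/LF in ``target`` end the Location
    header early and everything after it becomes additional headers
    and, after a blank line, a second response body.
    """
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + target + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def redirect_hardened(target: str) -> str:
    """Same handler with the missing input check: refuse any CR or LF.

    Rejecting (rather than stripping) is deliberate: a stripped value
    might still be a redirect the application never intended.
    """
    if "\r" in target or "\n" in target:
        raise HeaderInjectionError("CR/LF in header value: %r" % target)
    return redirect_vulnerable(target)


def split_messages(raw: str) -> list[tuple[str, dict[str, str], str]]:
    """Parse a byte stream into HTTP messages the way a naive cache would.

    Each message ends at the first blank line plus Content-Length bytes of
    body; parsing stops at the first chunk that is not a status line.
    """
    messages = []
    rest = raw
    while rest.startswith("HTTP/"):
        head, sep, rest = rest.partition(CRLF + CRLF)
        if not sep:
            break
        status, *header_lines = head.split(CRLF)
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body, rest = rest[:length], rest[length:]
        messages.append((status, headers, body))
        rest = rest.lstrip("\r\n")  # tolerate stray CRLF between messages
    return messages


# Constructed attacker value for ?target=...: a legitimate-looking URL,
# then an encoded CRLF, a Content-Length terminating the first response,
# a blank line, and a complete second response carrying script.
ATTACKER_TARGET = (
    "http%3A%2F%2Fexample.com%2F"
    "%0d%0aContent-Length%3A%200%0d%0a%0d%0a"
    "HTTP%2F1.1%20200%20OK%0d%0a"
    "Content-Type%3A%20text%2Fhtml%0d%0a"
    "Content-Length%3A%2025%0d%0a%0d%0a"
    "%3Cscript%3Ealert(1)%3C%2Fscript%3E"
)


def responses_seen_by_cache(handler, encoded_target: str):
    """Decode the parameter as the container would and feed the handler's
    output to the naive parser; a split shows up as more than one message."""
    return split_messages(handler(unquote(encoded_target)))


if __name__ == "__main__":
    for status, headers, body in responses_seen_by_cache(redirect_vulnerable, ATTACKER_TARGET):
        print(status, headers, repr(body))
    try:
        responses_seen_by_cache(redirect_hardened, ATTACKER_TARGET)
    except HeaderInjectionError as exc:
        print("hardened handler rejected:", exc)
```

Run as a script it prints the two messages a cache would store for the vulnerable handler (the second with `Content-Type: text/html` and a script body keyed to the victim's URL), then the rejection raised by the hardened one. The check is done on the decoded value because the container decodes the URL before the application sees it; checking the raw `%0d%0a` form instead is a common way to miss the bug.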
     
Vulnerable Products

Vulnerable OS:
- i/OS (OS/400) (IBM) - 6.1, 7.1, 7.2, 7.3

Vulnerable Software:
- BigFix Inventory (Tivoli Asset Discovery for Distributed) (IBM) - 9.2
- InfoSphere Information Server (IBM) - 11.3, 11.5
- License Metric Tool (IBM) - 9.2
- Security Access Manager for Web (Tivoli Access Manager for e-business) (IBM) - 8.0.0.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, ..., 8.0.1.3, 8.0.1.4, 9.0, 9.0.0.1, 9.0.1.0
- Tivoli Application Dependency Discovery Manager (IBM) - 7.3.0.0, 7.3.0.1, ..., 7.3.0.2, 7.3.0.3
- Tivoli Common Reporting (IBM) - 3.1.0.0, 3.1.0.1, 3.1.0.2, 3.1.2, 3.1.2.1, 3.1.3
- Tivoli Monitoring (IBM) - 6.2.2, 6.2.2.1, 6.2.2.2, 6.2.2.3, 6.2.2.4, ..., 6.3.0.3, 6.3.0.4, 6.3.0.5, 6.3.0.6, 6.3.0.7
- WebSphere Application Server (IBM) - 7.0, 7.0.0.1, 7.0.0.11, 7.0.0.12, 7.0.0.13, ..., 8.5.5.5, 8.5.5.6, 8.5.5.7, 8.5.5.8, 8.5.5.9
     
Solution   - 3.1.3.
     
CVE   CVE-2016-0359
     
References
- IBM: HTTP Response Splitting in WebSphere Application Server (CVE-2016-0359)
  http://www-01.ibm.com/support/docview.wss?uid=swg21982526
- IBM: Security Bulletin: IBM i Integrated Web Application Server version 8.5 is affected by vulnerabilities CVE-2016-0359 and CVE-2016-2923
  http://www-01.ibm.com/support/docview.wss?uid=nas8N1021453
- IBM: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server
  http://www-01.ibm.com/support/docview.wss?uid=swg21990451
- IBM: Security Bulletin: IBM Security Access Manager appliances are affected by a response splitting vulnerability in WebSphere Application Server
  http://www-01.ibm.com/support/docview.wss?uid=swg21995289
- IBM: IBM InfoSphere Information Server is vulnerable to an HTTP response splitting vulnerability (CVE-2016-0359)
  http://www-01.ibm.com/support/docview.wss?uid=swg21991299
- IBM: Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerability affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-0359)
  http://www-01.ibm.com/support/docview.wss?uid=swg21995763
- IBM: Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 and IBM BigFix Inventory v9
  http://www-01.ibm.com/support/docview.wss?uid=swg21994916
- IBM: Tivoli Common Reporting (TCR) 2016Q4 Security Updater: TCR is affected by multiple vulnerabilities
  http://www-01.ibm.com/support/docview.wss?uid=swg21996032
     
Vulnerability Manager Detection   No
     
IPS Protection

ASQ Engine alarm                                              Available Since
HTTP Response Splitting : suspicious Content-Length in URL    3.2.0
HTTP Response Splitting : suspicious HTTP/1.x in URL          3.2.0
HTTP Response Splitting : suspicious Set-Cookie in URL        3.2.0
HTTP Response Splitting : suspicious Content-Type in URL      3.5.0
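Detection logic in the spirit of the four alarms listed above, as an added example that is not the IPS vendor's engine: it percent-decodes the request target (twice, bounded, so a double-encoded `%250d%250a` is also caught) and raises an alarm only when a header name or an `HTTP/1.x` token follows an injected line break, so a query value that merely contains the word `Content-Type` stays quiet. The alarm names are taken from the table; the matching rules, the decode depth and the sample request lines are assumptions constructed for the illustration.

```python
"""Request-line check mirroring the four response-splitting alarms.

Added example, not the IPS vendor's code: the alarm names come from the
table above; the matching rules, the decode depth and the sample request
lines are assumptions made for illustration.
"""
from __future__ import annotations

import re
from urllib.parse import unquote

# Alarm name -> pattern that must follow an injected line break.
ALARMS: dict[str, str] = {
    "HTTP Response Splitting : suspicious Content-Length in URL": r"content-length\s*:",
    "HTTP Response Splitting : suspicious HTTP/1.x in URL": r"http/1\.[01]\s",
    "HTTP Response Splitting : suspicious Set-Cookie in URL": r"set-cookie\s*:",
    "HTTP Response Splitting : suspicious Content-Type in URL": r"content-type\s*:",
}

# Bare CR, bare LF or CRLF: all three end a header line in lenient parsers.
LINE_BREAK = r"(?:\r\n?|\n)"


def decode_target(target: str, rounds: int = 2) -> str:
    """Percent-decode repeatedly (bounded) so %250d%250a is seen as CRLF.

    A single pass is the common blind spot: it leaves the double-encoded
    sequence as literal %0d%0a, which the back end may decode again.
    """
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def check_request_line(request_line: str) -> list[str]:
    """Return the alarms raised by one HTTP request line."""
    parts = request_line.split(" ", 2)
    if len(parts) != 3:
        return []  # not a well-formed "METHOD target VERSION" line
    decoded = decode_target(parts[1])
    return [
        name
        for name, pattern in ALARMS.items()
        if re.search(LINE_BREAK + r"\s*" + pattern, decoded, re.IGNORECASE)
    ]


# Constructed sample request lines (not real traffic).
SAMPLE_REQUEST_LINES = [
    # benign redirect
    "GET /login?target=%2Fhome HTTP/1.1",
    # header name in a query value but no line break: must not fire
    "GET /search?q=Content-Type%3A%20text HTTP/1.1",
    # single injected header
    "GET /login?target=%2Fhome%0d%0aSet-Cookie%3A%20JSESSIONID%3Dattacker HTTP/1.1",
    # full second response: Content-Length, HTTP/1.x and Content-Type
    "GET /login?target=%2F%0d%0aContent-Length%3A%200%0d%0a%0d%0a"
    "HTTP%2F1.1%20200%20OK%0d%0aContent-Type%3A%20text%2Fhtml%0d%0a%0d%0a"
    "%3Cscript%3E HTTP/1.1",
    # double-encoded CRLF, only visible after the second decode pass
    "GET /login?target=%2Fhome%250d%250aSet-Cookie%3A%20x%3Dy HTTP/1.1",
]


def scan(request_lines: list[str]) -> dict[str, list[str]]:
    """Map each request line to the alarms it raises."""
    return {line: check_request_line(line) for line in request_lines}


if __name__ == "__main__":
    for line, alarms in scan(SAMPLE_REQUEST_LINES).items():
        print(line[:60], "->", alarms or "clean")
```

The decode depth is the caveat worth checking against any real IPS: a rule that decodes once and looks for a raw `%0d%0a` will pass the last sample line untouched, while the application server behind it may still decode it a second time.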

Risk level   Moderate

Vulnerability First Public Report Date   2016-06-23

Target Type   Server

Possible exploit   Remote