IBM WebSphere Application Server HTTP Response Splitting Vulnerability


Description   An HTTP Response Splitting vulnerability has been identified in IBM WebSphere Application Server. A remote attacker could exploit it by sending a specially crafted URL that causes the server to return a split response, in order to access sensitive data and perform further attacks. This vulnerability is due to a lack of blocking for input matching the %0[ad] regular expression, that is, the URL-encoded line feed (%0a) and carriage return (%0d) characters.
     
Vulnerable Products   Vulnerable Software:
- Business Process Manager Advanced (WebSphere Process Server) (IBM) - 7.5.0.0, 7.5.0.1, 7.5.1.0, 7.5.1.1, 7.5.1.2, ..., 8.5.7.0 CF 2016.09, 8.5.7.0 CF 2016.12, 8.5.7.0 CF 2017.03, 8.5.7.0 CF 2017.06, 8.6.0.0
- Security Directory Server (Tivoli Directory Server) (IBM) - 6.3, 6.3.0.1, 6.3.0.10, 6.3.0.11, 6.3.0.12, ..., 6.4.0.5, 6.4.0.6, 6.4.0.7, 6.4.0.8, 6.4.0.9
- Tivoli Federated Identity Manager Business Gateway (IBM) - 6.2, 6.2.1, 6.2.2
- Tivoli Federated Identity Manager (IBM) - 6.2.0, 6.2.1, 6.2.2
- WebSphere Application Server (IBM) - 7.0, 7.0.0.1, 7.0.0.11, 7.0.0.12, 7.0.0.13, ..., 9.0.0.0, 9.0.0.1, 9.0.0.2, 9.0.0.3, 9.0.0.4
- WebSphere Portal (IBM) - 7.0, 7.0.0.1, 7.0.0.2, 7.0.0.2 CF1, 7.0.0.2 CF10, ..., 9.0 CF5, 9.0 CF6, 9.0 CF7, 9.0 CF8, 9.0 CF9
     
Solution   IBM recommends that customers of Security Directory Server versions 6.3, 6.3.1 and 6.4 apply the interim fixes released for WebSphere Application Server in order to resolve this vulnerability.
     
CVE   CVE-2017-1503
     
References   - IBM Security Bulletin: WebSphere Application Server Edge Caching Proxy may be vulnerable to HTTP response splitting (CVE-2017-1503)
http://www-01.ibm.com/support/docview.wss?uid=swg22006815
- IBM Security Bulletin : A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (CVE-2017-1503)
http://www-01.ibm.com/support/docview.wss?uid=swg22009501
- IBM : A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway (CVE-2017-9798, CVE-2017-12618)
http://www-01.ibm.com/support/docview.wss?uid=swg22011252
- IBM : Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Portal
http://www-01.ibm.com/support/docview.wss?uid=swg22010802
- IBM : A security vulnerability has been identified in IBM Websphere Application Server shipped with IBM Security/Tivoli Directory Server (CVE-2017-1503)
https://www-01.ibm.com/support/docview.wss?uid=swg22010701
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm - Available Since:
- HTTP Response Splitting : suspicious Content-Length in URL - 3.2.0
- HTTP Response Splitting : suspicious HTTP/1.x in URL - 3.2.0
- HTTP Response Splitting : suspicious Set-Cookie in URL - 3.2.0
- HTTP Response Splitting : suspicious Content-Type in URL - 3.5.0
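
An added example (not part of the advisory, and not the ASQ engine's actual signatures) of screening request URLs for the %0[ad] pattern and the four tokens named in the alarms above, including double-encoded forms. The token regexes, function names and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Header/status tokens named in the four alarm titles above. The regexes are
# this example's assumption, not the IPS engine's real signatures.
TOKENS = {
    "Content-Length": re.compile(r"content-length\s*:", re.I),
    "HTTP/1.x": re.compile(r"http/1\.\d", re.I),
    "Set-Cookie": re.compile(r"set-cookie\s*:", re.I),
    "Content-Type": re.compile(r"content-type\s*:", re.I),
}


def decode_fully(url, max_rounds=3):
    """Percent-decode until stable so %0d, %0D and double-encoded %250d all become CR."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def inspect_url(url):
    """Return [] for a clean URL, else ["CRLF"] plus tokens found after the first CR/LF."""
    decoded = decode_fully(url)
    match = re.search(r"[\r\n]", decoded)
    if match is None:
        return []  # no line break: header names alone in a URL are not flagged
    tail = decoded[match.end():]
    return ["CRLF"] + [name for name, rx in TOKENS.items() if rx.search(tail)]


# Constructed sample request URLs (hypothetical paths and parameters).
SAMPLES = [
    "/portal/home?lang=en",
    "/portal/home?lang=en%0d%0aSet-Cookie:%20sid=constructed",
    "/portal/home?lang=en%0AContent-Type:%20text/html",
    "/portal/home?lang=en%250d%250aContent-Length:%200",
    "/search?q=set-cookie:%20docs",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        findings = inspect_url(sample)
        print("BLOCK" if findings else "ok   ", sample, findings)
```

A request that returns a non-empty list should be rejected or logged before the value reaches any response header.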
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2017-10-09

Target Type   Client

Possible exploit   Remote