IBM WebSphere Application Server 6.0 < 6.0.2.19 HTTP Response Splitting

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by an HTTP response
splitting vulnerability.

Description :

IBM WebSphere Application Server 6.0.x before Fix Pack 19 appears to
be running on the remote host. Such versions are reportedly affected
by an HTTP response splitting vulnerability because the application
fails to properly sanitize user-supplied data to an unspecified
parameter and script.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60219
http://www-1.ibm.com/support/docview.wss?uid=swg1PK39732

Solution :

Apply Fix Pack 19 (6.0.2.19) or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 45416 ()

Bugtraq ID: 23086

CVE ID: CVE-2007-1608