IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.10 / Liberty 16.0 < 16.0.0.2 CRLF Sequences HTTP Response Splitting

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

A web application server running on the remote host is affected by an
HTTP response splitting vulnerability.

Description :

The IBM WebSphere Application Server running on the remote host is
version 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, 8.5 prior to
8.5.5.10, or 16.0 (Liberty) prior to 16.0.0.2. It is, therefore,
affected by an HTTP response splitting vulnerability due to a failure
to properly sanitize CRLF character sequences before user-supplied
input is included in HTTP responses. An unauthenticated, remote
attacker can exploit this, by convincing a user to visit a specially
crafted URL link, to inject arbitrary HTTP headers.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21982526

Solution :

Apply IBM WebSphere Application Server version 7.0 Fix Pack 43
(7.0.0.43) / 8.0 Fix Pack 13 (8.0.0.13) / 8.5 Fix Pack 10 (8.5.5.10)
Liberty 16.0 Fix Pack 2 (16.0.0.2) or later. Alternatively, apply the
appropriate interim fixes as recommended in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 92724 ()

Bugtraq ID: 91484

CVE ID: CVE-2016-0359

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now