This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
A web application server running on the remote host is affected by an
HTTP response splitting vulnerability.
The IBM WebSphere Application Server running on the remote host is
version 7.0 prior to 18.104.22.168, 8.0 prior to 22.214.171.124, 8.5 prior to
126.96.36.199, or 16.0 (Liberty) prior to 188.8.131.52. It is, therefore,
affected by an HTTP response splitting vulnerability due to a failure
to properly sanitize CRLF character sequences before user-supplied
input is included in HTTP responses. An unauthenticated, remote
attacker can exploit this to inject arbitrary HTTP headers by
convincing a user to visit a specially crafted URL.
Apply IBM WebSphere Application Server version 7.0 Fix Pack 43
(184.108.40.206) / 8.0 Fix Pack 13 (220.127.116.11) / 8.5 Fix Pack 10 (18.104.22.168) /
Liberty 16.0 Fix Pack 2 (22.214.171.124) or later. Alternatively, apply the
appropriate interim fixes as recommended in the vendor advisory.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true