IBM WebSphere Portal HTTP Response Splitting Vulnerability

Last Update Date: 31 May 2013 16:50 Release Date: 31 May 2013 4138 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

A vulnerability has been identified in IBM WebSphere Portal, which can be exploited by malicious people to conduct HTTP response splitting attacks.  Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.  Successful exploitation requires that home substitution is enabled (disabled by default).

Impact

  • Cross-Site Scripting
  • Information Disclosure

System / Technologies affected

  • IBM WebSphere Portal 6.1.0.x
  • IBM WebSphere Portal 6.1.5.x
  • IBM WebSphere Portal 7.0.0.x
  • IBM WebSphere Portal 8.0.0.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

GnuTLS TLS Record Decoding Denial of Service Vulnerability

31 May 2013 3931 Views

Next

Apache HTTP Server mod_rewrite Vulnerability

31 May 2013 4218 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY