Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-135


IBM WebSphere Application Server Edge Caching Proxy Lets Remote Users Conduct HTTP Response Splitting Attacks
Severity Rating: Medium
Systems Affected:
  • IBM WebSphere Application Server Edge Caching Proxy versions 7.0, 8.0, 8.5, 9.0
Description
A vulnerability has been identified in IBM WebSphere Application Server Edge Caching Proxy and can be exploited by remote attackers to conduct HTTP response splitting attacks. This vulnerability has been exploited using this specially-crafted URL to cause the server to return a split response, once the URL is clicked. This vulnerability would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information.
Solution
Users are advised to apply updates.
More information is available on:
Vendor Information
IBM
CVE Information
References
IBM Security Bulletin
Security Tracker
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis