IBM WebSphere Application Server Edge Caching Proxy Lets Remote Users Conduct HTTP Response Splitting Attacks
Severity Rating: Medium
- IBM WebSphere Application Server Edge Caching Proxy versions 7.0, 8.0, 8.5, 9.0
A vulnerability has been identified in IBM WebSphere Application Server Edge Caching Proxy and can be exploited by remote attackers to conduct HTTP response splitting attacks. This vulnerability has been exploited using this specially-crafted URL to cause the server to return a split response, once the URL is clicked. This vulnerability would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information.
Users are advised to apply updates.
More information is available on:
IBM Security Bulletin
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street