 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.806883 |
| Categoría: | Web Servers |
| Título: | IBM WebSphere Application Server CRLF Injection Vulnerability (Feb 2016) |
| Resumen: | IBM WebSphere Application Server is prone to a CRLF injection; vulnerability. |
| Descripción: | Summary: IBM WebSphere Application Server is prone to a CRLF injection vulnerability. Vulnerability Insight: The flaw is due to an HTTP response splitting attack vulnerability. Vulnerability Impact: Successful exploitation will allow a remote attacker to use specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. Affected Software/OS: IBM WebSphere Application Server version 6.1.x through 6.1.0.47, 7.0.x prior to 7.0.0.39, 8.0.x prior to 8.0.0.12 and 8.5.x prior to 8.5.5.8. Solution: Update to version 6.1.0.48, 7.0.0.39, 8.0.0.12, 8.5.5.8 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2017 AIX APAR: PI45266 http://www-01.ibm.com/support/docview.wss?uid=swg1PI45266 BugTraq ID: 78457 http://www.securityfocus.com/bid/78457 http://www.securitytracker.com/id/1034096 |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |