CVE-2017-1503

Low

Low Medium High Critical

CVSS Score

Published: Oct 10, 2017

Last Modified: Apr 20, 2025

Vulnerability Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578.

Known Affected Software

4 configuration(s) from 1 vendor(s)

websphere_application_server

Version:

8.5

CPE:

cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:*

websphere_application_server

Version:

8.0

CPE:

cpe:2.3:a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*

websphere_application_server

Version:

9.0

CPE:

cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*

websphere_application_server

Version:

7.0

CPE:

cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

This vulnerability affects 4 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-79 Top 25 #1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood: High
Typical Severity: Medium
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base