Vulnerability Description
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | <= 6.0.2.15 |
References
- http://osvdb.org/34484
- http://secunia.com/advisories/24552
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK39732PatchVendor Advisory
- http://www.securityfocus.com/bid/23086
- http://www.securitytracker.com/id?1017806
- http://www.vupen.com/english/advisories/2007/1062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33123
- http://osvdb.org/34484
- http://secunia.com/advisories/24552
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK39732PatchVendor Advisory
- http://www.securityfocus.com/bid/23086
- http://www.securitytracker.com/id?1017806
- http://www.vupen.com/english/advisories/2007/1062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33123
FAQ
What is CVE-2007-1608?
CVE-2007-1608 is a vulnerability with a CVSS score of 7.5 (HIGH). CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single...
How severe is CVE-2007-1608?
CVE-2007-1608 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1608?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.