Vulnerability Description
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | WebSphere Application Server | <= 5.1.1.19 |
Related Weaknesses (CWE)
References
- http://www-1.ibm.com/support/docview.wss?uid=isg1SE35864 (Vendor Advisory)
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK69929
- http://www.securityfocus.com/bid/33700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47199
FAQ
What is CVE-2008-4283?
CVE-2008-4283 is a vulnerability with a CVSS score of 10.0 (HIGH). CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and co...
How severe is CVE-2008-4283?
CVE-2008-4283 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-4283?
Check the references section above for vendor advisories and patch information. Affected products include: IBM WebSphere Application Server.