CVE-2017-1503

{"id": "CVE-2017-1503", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-10-10T21:29:00.210", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22006815", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/101234", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1039521", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129578", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578."}, {"lang": "es", "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a ataques de divisi\u00f3n de respuestas HTTP. Un atacante remoto podr\u00eda explotar esta vulnerabilidad utilizando una URL especialmente manipulada para provocar que el servidor devuelva una respuesta dividida una vez que se hacer clic en la URL. Esto permitir\u00eda que el atacante realice m\u00e1s ataques como el envenenamiento de la memoria cach\u00e9 web, Cross-Site Scripting (XSS) y posiblemente la obtenci\u00f3n de informaci\u00f3n sensible. IBM X-Force ID: 129578."}], "lastModified": "2017-11-05T21:10:14.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07EBB48B-4EE2-4333-851E-BA1B104FBE92"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30E8CE2-9137-4669-AE86-FB8ED0899736"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4F6F77C-2C0D-4A31-B2A0-DB1C4296FF5E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}