CVE-2008-4283

IBM WebSphere Application Server < 5.1.1.19 - HTTP Response Splitting via CRLF Injection

Title source: llm
STIX 2.1

Description

CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References (4)

Core 4
Core References
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=isg1SE35864
Various Sources vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1PK69929
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33700
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47199

Scores

EPSS 0.0330
EPSS Percentile 87.1%

Details

CWE
CWE-20
Status published
Products (45)
ibm/websphere_application_server 5.0 (2 CPE variants)
ibm/websphere_application_server 5.0.0
ibm/websphere_application_server 5.0.1
ibm/websphere_application_server 5.0.2
ibm/websphere_application_server 5.0.2.1
ibm/websphere_application_server 5.0.2.2
ibm/websphere_application_server 5.0.2.3
ibm/websphere_application_server 5.0.2.4
ibm/websphere_application_server 5.0.2.5
ibm/websphere_application_server 5.0.2.6
... and 35 more
Published Feb 10, 2009
Tracked Since Feb 18, 2026