CVE-2008-4283
IBM WebSphere Application Server < 5.1.1.19 - HTTP Response Splitting via CRLF Injection
Title source: llmDescription
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=isg1SE35864
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1PK69929
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33700
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47199
Scores
EPSS
0.0330
EPSS Percentile
87.1%
Details
CWE
CWE-20
Status
published
Products (45)
ibm/websphere_application_server
5.0 (2 CPE variants)
ibm/websphere_application_server
5.0.0
ibm/websphere_application_server
5.0.1
ibm/websphere_application_server
5.0.2
ibm/websphere_application_server
5.0.2.1
ibm/websphere_application_server
5.0.2.2
ibm/websphere_application_server
5.0.2.3
ibm/websphere_application_server
5.0.2.4
ibm/websphere_application_server
5.0.2.5
ibm/websphere_application_server
5.0.2.6
... and 35 more
Published
Feb 10, 2009
Tracked Since
Feb 18, 2026