Vigil@nce - WebSphere Application Server: HTTP Response Splitting
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use an HTTP Response Splitting, in order to alter
HTTP responses of WebSphere AS, so he can obtain information for
example.
Impacted products: WebSphere AS.
Severity: 2/4.
Creation date: 29/06/2016.
DESCRIPTION OF THE VULNERABILITY
The WebSphere Application Server product offers a web service.
However, an attacker can use a malicious query, to split the HTTP
reply of the web service.
An attacker can therefore use an HTTP Response Splitting, in order
to alter HTTP responses of WebSphere AS, so he can obtain
information for example.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/WebSphere-Application-Server-HTTP-Response-Splitting-19994