CVE-2015-2017 Information

Description

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47 7.0 before 7.0.0.39 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

Reference

http://www.securityfocus.com/bid/78457 http://www.securitytracker.com/id/1034096 http://www-01.ibm.com/support/docview.wss?uid=swg1PI45266 http://www-01.ibm.com/support/docview.wss?uid=swg21966837