CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x prior to 6.1.0.3 CF26, 6.1.5.x prior to 6.1.5 CF26, 7.0.0.x prior to 7.0.0.2 CF21, and 8.0.0.x up to and including 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere portal 8.0.0.0 |
||
ibm websphere portal 8.0 |
||
ibm websphere portal 8.0.0.1 |
||
ibm websphere portal 7.0.0.2 |
||
ibm websphere portal 7.0.0.1 |
||
ibm websphere portal 7.0.0.0 |
||
ibm websphere portal 6.1.0.3 |
||
ibm websphere portal 6.1.5.0 |
||
ibm websphere portal 6.1.0.0 |
||
ibm websphere portal 6.1.0.1 |
||
ibm websphere portal 6.1.0.2 |