Vulnerability Details CVE-2015-0196
CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR51324
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR52306
- http://www-01.ibm.com/support/docview.wss?uid=swg21960181
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR51324
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR52306
- http://www-01.ibm.com/support/docview.wss?uid=swg21960181
Products affected by CVE-2015-0196
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.1
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.10
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.11
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.2
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.3
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.4
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.5
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.6
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.7
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.8
-
cpe:2.3:a:ibm:websphere_commerce:6.0.0.9
-
cpe:2.3:a:ibm:websphere_commerce:7.0
-
cpe:2.3:a:ibm:websphere_commerce:7.0.0.1
-
cpe:2.3:a:ibm:websphere_commerce:7.0.0.2
-
cpe:2.3:a:ibm:websphere_commerce:7.0.0.3
-
cpe:2.3:a:ibm:websphere_commerce:7.0.0.4
-
cpe:2.3:a:ibm:websphere_commerce:7.0.0.5
-
cpe:2.3:a:ibm:websphere_commerce:7.0.0.6
-
cpe:2.3:a:ibm:websphere_commerce:7.0.0.7
-
cpe:2.3:a:ibm:websphere_commerce:7.0.0.8