IBM Security Bulletin: HTTP response splitting has been identified in IBM WebSphere Application Server Liberty Profile shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager (CVE-2015-2017)
HTTP response splitting has been identified in IBM WebSphere Application Server Liberty Profile shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager (CVE-2015-2017).
CVE(s): CVE-2015-2017
Affected product(s) and affected version(s):
Affected Principal Product and Version | Affected Supporting Product and Version |
IBM Tivoli Usage and Accounting Manager V7.3, V7.3.0.1, V7.3.0.2, V7.3.0.3, V7.3.0.4 | IBM WebSphere Application Server V7.0.0.11 |
IBM SmartCloud Cost Management V2.1.0, V2.1.0.1 | IBM WebSphere Application Server V7.0.0.19 |
IBM SmartCloud Cost Management V2.1.0.2, V2.1.0.3, V2.1.0.4, V2.1.0.5 | IBM WebSphere Application Server V8.5.5.0 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/20vxpA4
X-Force Database: http://ift.tt/1NzQBek
from IBM Product Security Incident Response Team http://ift.tt/20vykAv