IBM Security Bulletin: HTTP response splitting attack affects IBM TS7700 Virtualization Engine (CVE-2015-2017)

There is a vulnerability in IBM WebSphere Application Server as used by the IBM TS7700 Virtualization Engine that could allow an HTTP response splitting attack.

CVE(s): CVE-2015-2017

Affected product(s) and affected version(s):

All versions of microcode for the IBM Virtualization Engine TS7700 models 3957-V07 and 3957-VEB prior to and including the following are affected:

IBM Virtualization Engine TS7700 models 3957-V06 and 3957-VEA running microcode levels up to and including 8.21.0.178 are unaffected. TS7700 model 3957-VEC is unaffected at any microcode level.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1008115
X-Force Database: http://xforce.iss.net/xforce/xfdb/103991

Machine TypeModelVersion
3957V078.33.0.45
3957VEB8.33.0.45


from IBM Product Security Incident Response Team https://www.ibm.com/blogs/psirt/ibm-security-bulletin-http-response-splitting-attack-affects-ibm-ts7700-virtualization-engine-cve-2015-2017/