APAR status
Closed as program error.
Error description
WebSphere eXtreme Scale is subject to HTTP response splitting attacks.
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: Users of IBM WebSphere eXtreme Scale         *
*                 V7.1.0                                       *
****************************************************************
* PROBLEM DESCRIPTION: A vulnerability in IBM                  *
*                      WebSphere eXtreme Scale Client could    *
*                      expose sensitive information.           *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
CVEID: CVE-2016-0400
DESCRIPTION: IBM WebSphere eXtreme Scale is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input when processing malicious requests. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers containing Unicode characters and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112655 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Problem conclusion
See the recommended fixes page for WebSphere eXtreme Scale at: http://www-01.ibm.com/support/docview.wss?uid=swg27018991
Temporary fix
Comments
APAR Information
APAR number
PI60898
Reported component name
XD EXTREME SCAL
Reported component ID
5724J3402
Reported release
710
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-04-15
Closed date
2016-08-02
Last modified date
2018-08-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
XD EXTREME SCAL
Fixed component ID
5724J3402
Applicable component levels
Document Information
Modified date:
23 September 2020