IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6618747 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 |
14 Sep 2022, 18:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:* cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:* cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
First Time |
Ibm i
Linux linux Kernel Microsoft Microsoft windows Hp Oracle Hp hp-ux Apple macos Ibm websphere Application Server Oracle solaris Apple Ibm Ibm z\/os Linux Ibm aix |
|
CWE | CWE-20 | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 - VDB Entry, Vendor Advisory | |
References | (CONFIRM) https://www.ibm.com/support/pages/node/6618747 - Patch, Vendor Advisory |
09 Sep 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-09 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-34165
Mitre link : CVE-2022-34165
CVE.ORG link : CVE-2022-34165
JSON object : View
Products Affected
oracle
- solaris
ibm
- websphere_application_server
- i
- aix
- z\/os
apple
- macos
linux
- linux_kernel
microsoft
- windows
hp
- hp-ux
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')