IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6618747 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 |
Information
Published : 2022-09-09 16:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-34165
Mitre link : CVE-2022-34165
CVE.ORG link : CVE-2022-34165
JSON object : View
Products Affected
linux
- linux_kernel
oracle
- solaris
ibm
- z\/os
- i
- aix
- websphere_application_server
apple
- macos
microsoft
- windows
hp
- hp-ux
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')