CVE-2008-4283 : CRLF injection vulnerability in the WebContainer component in IBM WebSphere Appl

CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Published 2009-02-10 22:30:00

Updated 2017-08-08 01:32:32

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2008-4283

IBM » Websphere Application Server
Versions up to, including, (<=) 5.1.1.19
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.0.3
cpe:2.3:a:ibm:websphere_application_server:5.1.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0
cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.0
cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.5
cpe:2.3:a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.6
cpe:2.3:a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.7
cpe:2.3:a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1
cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.1
cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.1
cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.8
cpe:2.3:a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.9
cpe:2.3:a:ibm:websphere_application_server:5.0.2.9:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.2
cpe:2.3:a:ibm:websphere_application_server:5.1.1.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.3
cpe:2.3:a:ibm:websphere_application_server:5.1.1.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2
cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.1
cpe:2.3:a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.0.2
cpe:2.3:a:ibm:websphere_application_server:5.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.3
cpe:2.3:a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.4
cpe:2.3:a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.0.4
cpe:2.3:a:ibm:websphere_application_server:5.1.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.0.5
cpe:2.3:a:ibm:websphere_application_server:5.1.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0 Z Os Edition
cpe:2.3:a:ibm:websphere_application_server:5.0:*:z_os:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.10
cpe:2.3:a:ibm:websphere_application_server:5.0.2.10:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.11
cpe:2.3:a:ibm:websphere_application_server:5.0.2.11:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.4
cpe:2.3:a:ibm:websphere_application_server:5.1.1.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.5
cpe:2.3:a:ibm:websphere_application_server:5.1.1.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.12
cpe:2.3:a:ibm:websphere_application_server:5.0.2.12:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.13
cpe:2.3:a:ibm:websphere_application_server:5.0.2.13:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.14
cpe:2.3:a:ibm:websphere_application_server:5.0.2.14:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.6
cpe:2.3:a:ibm:websphere_application_server:5.1.1.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.7
cpe:2.3:a:ibm:websphere_application_server:5.1.1.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.2
cpe:2.3:a:ibm:websphere_application_server:5.0.2.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.8
cpe:2.3:a:ibm:websphere_application_server:5.1.1.8:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.9
cpe:2.3:a:ibm:websphere_application_server:5.1.1.9:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.0
cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.11
cpe:2.3:a:ibm:websphere_application_server:5.1.1.11:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.10
cpe:2.3:a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.15
cpe:2.3:a:ibm:websphere_application_server:5.0.2.15:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.16
cpe:2.3:a:ibm:websphere_application_server:5.0.2.16:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.12
cpe:2.3:a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.14
cpe:2.3:a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.15
cpe:2.3:a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.16
cpe:2.3:a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.13
cpe:2.3:a:ibm:websphere_application_server:5.1.1.13:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.17
cpe:2.3:a:ibm:websphere_application_server:5.1.1.17:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.18
cpe:2.3:a:ibm:websphere_application_server:5.1.1.18:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2008-4283

Top countries where our scanners detected CVE-2008-4283

Top open port discovered on systems with this issue 9080

IPs affected by CVE-2008-4283 92

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2008-4283!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2008-4283

EPSS FAQ

0.62%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-4283

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-4283

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-4283