Vulnerability Details : CVE-2015-2028
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
Products affected by CVE-2015-2028
- cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2028
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2028
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2015-2028
-
http://www-01.ibm.com/support/docview.wss?uid=swg21966044
IBM Security Bulletin: : The WebSphere eXtreme Scale 7.1.0 and 7.1.1 monitoring console lacks protection for various vulnerabilities. (CVE-2015-2025 CVE-2015-2026 CVE-2015-2027 CVE-2015-2028 CVE-2015-Patch;Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105
IBM PI44105: The WebSphere eXtreme Scale 7.1.0 monitoring console lacks protection for various vulnerabilities.Patch;Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098
IBM PI44098: The WebSphere eXtreme Scale 7.1.1, 8.5, and 8.6 monitoring console lacks protection for various vulnerabilities.Patch;Vendor Advisory
Jump to