Edge Caching Proxy HTTP splitting attack (CVE-2017-1503)
PI82587 resolves the following problem:
ERROR DESCRIPTION:
WebSphere Application Server Caching Proxy could be vulnerable to HTTP response splitting attacks, caused by improper validation. A remote attacker could exploit this vulnerability by using a specially-crafted URL to cause the server to return a split response.
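A detection check for the attack class described above, added here as an example and not taken from IBM or the Caching Proxy code: it flags request targets that contain CR or LF after one or more rounds of percent-decoding. The log format, paths and header name in the sample lines are constructed assumptions, not the proxy's actual log layout.

```python
import re
from typing import Iterable, Iterator, Optional, Tuple
from urllib.parse import unquote

# Request line inside a common-log-style entry (assumed format, not the proxy's own).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # also catches double and triple percent-encoding

# Constructed sample lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Oct/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Oct/2017:10:00:02 +0000] "GET /go?next=/home%0d%0aX-Constructed:%201 HTTP/1.1" 302 0',
    '192.0.2.12 - - [06/Oct/2017:10:00:03 +0000] "GET /go?next=/home%250d%250aX-Constructed:%201 HTTP/1.1" 302 0',
    '192.0.2.13 - - [06/Oct/2017:10:00:04 +0000] "GET /search?q=100%25 HTTP/1.1" 200 128',
]


def find_crlf(target: str) -> Optional[int]:
    """Return the decode round (0 = raw) at which CR or LF appears, else None."""
    current = target
    for round_no in range(MAX_DECODE_ROUNDS + 1):
        if "\r" in current or "\n" in current:
            return round_no
        decoded = unquote(current)
        if decoded == current:  # nothing left to decode
            return None
        current = decoded
    return None


def scan(lines: Iterable[str]) -> Iterator[Tuple[int, str, int]]:
    """Yield (line_number, target, decode_round) for suspicious request targets."""
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        decode_round = find_crlf(match.group("target"))
        if decode_round is not None:
            yield line_no, match.group("target"), decode_round


if __name__ == "__main__":
    for line_no, target, decode_round in scan(SAMPLE_LOG):
        print(f"line {line_no}: CR/LF after {decode_round} decode round(s): {target}")
```

A hit means the request is worth reviewing against the proxy's responses for that time window; it does not by itself show that a response was split.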
PROBLEM SUMMARY:
Potential vulnerability for Edge Caching Proxy.
PROBLEM CONCLUSION:
The component was updated to resolve the vulnerability.
This fix is targeted for IBM Caching Proxy fixpacks:
- 7.0.0.45
- 8.0.0.14
- 8.5.5.13
- 9.0.0.5
The fixes for 8.5.5 and 9.0 can be installed using IBM Installation Manager (IM).
The fixes for 7.0 are installed by extracting the platform-specific fixes from the supplied fix file, then installing the appropriate one. On Windows, extract the zip contents and invoke setup.exe. On all other platforms, extract the platform-specific files and use rpm/installp to install.
On
Downloads:
- 7.0.0.41 - 7.0.0.43 (6 Oct 2017, US English, platform: AIX, size: 241127143): http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Application+Server&fixids=7.0.0-WS-EDGECP-FP000000431
- 8.5.5.11 (6 Oct 2017, US English, platform: AIX, size: 273910303): http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Application+Server&fixids=8.5.5-WS-EDGECP-FP000000111
- 8.5.5.12 (6 Oct 2017, US English, platform: AIX, size: 273503477): http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Application+Server&fixids=8.5.5-WS-EDGECP-FP000000122
- 9.0.0.3 (6 Oct 2017, US English, platform: Windows, size: 285501112): http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Application+Server&fixids=9.0.3-WS-EDGECP-FP00000031
- 9.0.0.4 (6 Oct 2017, US English, platform: AIX, size: 285146425): http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Application+Server&fixids=9.0.4-WS-EDGECP-FP00000042