What is the severity of CVE-2016-0359?

CVE-2016-0359 is classified as a high severity vulnerability due to its potential to allow HTTP response splitting attacks.

How do I fix CVE-2016-0359?

To fix CVE-2016-0359, upgrade IBM WebSphere Application Server to versions 7.0.0.43, 8.0.0.13, or 8.5.5.10 or later.

Which versions of IBM WebSphere Application Server are affected by CVE-2016-0359?

Versions affected by CVE-2016-0359 include WebSphere Application Server 7.0 through 7.0.0.42, 8.0 through 8.0.0.12, and several versions of 8.5 Full and Liberty profile prior to specified fix levels.

What type of attack can be executed using CVE-2016-0359?

CVE-2016-0359 allows remote attackers to perform HTTP response splitting attacks via crafted HTTP headers.

Is CVE-2016-0359 specific to a certain environment of IBM WebSphere?

Yes, CVE-2016-0359 specifically affects certain versions of IBM WebSphere Application Server, including full versions and Liberty profiles.

Vulnerability/
CVE-2016-0359

medium

6.1

CWE

3/7/2016

5/8/2024

CVE-2016-0359: CRLF Injection

First published: Sun Jul 03 2016(Updated: )

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Application Server Feature Pack for Web Services	=7.0
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.0
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.1
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.2
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.3
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.4
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.5
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.6
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.7
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.8
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.9
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.10
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.11
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.12
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.13
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.14
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.15
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.16
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.17
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.18
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.19
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.21
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.22
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.23
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.24
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.25
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.27
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.28
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.29
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.31
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.32
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.33
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.34
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.35
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.36
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.37
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.38
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.39
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.41
IBM WebSphere Application Server Feature Pack for Web Services	=8.0
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.0
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.1
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.2
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.3
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.4
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.5
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.6
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.7
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.8
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.9
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.10
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.11
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.12
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.0.0
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.0.0
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.4
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.5
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.6
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.7
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.8
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-0359?
CVE-2016-0359 is classified as a high severity vulnerability due to its potential to allow HTTP response splitting attacks.
How do I fix CVE-2016-0359?
To fix CVE-2016-0359, upgrade IBM WebSphere Application Server to versions 7.0.0.43, 8.0.0.13, or 8.5.5.10 or later.
Which versions of IBM WebSphere Application Server are affected by CVE-2016-0359?
Versions affected by CVE-2016-0359 include WebSphere Application Server 7.0 through 7.0.0.42, 8.0 through 8.0.0.12, and several versions of 8.5 Full and Liberty profile prior to specified fix levels.
What type of attack can be executed using CVE-2016-0359?
CVE-2016-0359 allows remote attackers to perform HTTP response splitting attacks via crafted HTTP headers.
Is CVE-2016-0359 specific to a certain environment of IBM WebSphere?
Yes, CVE-2016-0359 specifically affects certain versions of IBM WebSphere Application Server, including full versions and Liberty profiles.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/description
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm websphere application server feature pack for web services
version/ibm websphere application server feature pack for web services/7.0
version/ibm websphere application server feature pack for web services/7.0.0.0
version/ibm websphere application server feature pack for web services/7.0.0.1
version/ibm websphere application server feature pack for web services/7.0.0.2
version/ibm websphere application server feature pack for web services/7.0.0.3
version/ibm websphere application server feature pack for web services/7.0.0.4
version/ibm websphere application server feature pack for web services/7.0.0.5
version/ibm websphere application server feature pack for web services/7.0.0.6
version/ibm websphere application server feature pack for web services/7.0.0.7
version/ibm websphere application server feature pack for web services/7.0.0.8
version/ibm websphere application server feature pack for web services/7.0.0.9
version/ibm websphere application server feature pack for web services/7.0.0.10
version/ibm websphere application server feature pack for web services/7.0.0.11
version/ibm websphere application server feature pack for web services/7.0.0.12
version/ibm websphere application server feature pack for web services/7.0.0.13
version/ibm websphere application server feature pack for web services/7.0.0.14
version/ibm websphere application server feature pack for web services/7.0.0.15
version/ibm websphere application server feature pack for web services/7.0.0.16
version/ibm websphere application server feature pack for web services/7.0.0.17
version/ibm websphere application server feature pack for web services/7.0.0.18
version/ibm websphere application server feature pack for web services/7.0.0.19
version/ibm websphere application server feature pack for web services/7.0.0.21
version/ibm websphere application server feature pack for web services/7.0.0.22
version/ibm websphere application server feature pack for web services/7.0.0.23
version/ibm websphere application server feature pack for web services/7.0.0.24
version/ibm websphere application server feature pack for web services/7.0.0.25
version/ibm websphere application server feature pack for web services/7.0.0.27
version/ibm websphere application server feature pack for web services/7.0.0.28
version/ibm websphere application server feature pack for web services/7.0.0.29
version/ibm websphere application server feature pack for web services/7.0.0.31
version/ibm websphere application server feature pack for web services/7.0.0.32
version/ibm websphere application server feature pack for web services/7.0.0.33
version/ibm websphere application server feature pack for web services/7.0.0.34
version/ibm websphere application server feature pack for web services/7.0.0.35
version/ibm websphere application server feature pack for web services/7.0.0.36
version/ibm websphere application server feature pack for web services/7.0.0.37
version/ibm websphere application server feature pack for web services/7.0.0.38
version/ibm websphere application server feature pack for web services/7.0.0.39
version/ibm websphere application server feature pack for web services/7.0.0.41
version/ibm websphere application server feature pack for web services/8.0
version/ibm websphere application server feature pack for web services/8.0.0.0
version/ibm websphere application server feature pack for web services/8.0.0.1
version/ibm websphere application server feature pack for web services/8.0.0.2
version/ibm websphere application server feature pack for web services/8.0.0.3
version/ibm websphere application server feature pack for web services/8.0.0.4
version/ibm websphere application server feature pack for web services/8.0.0.5
version/ibm websphere application server feature pack for web services/8.0.0.6
version/ibm websphere application server feature pack for web services/8.0.0.7
version/ibm websphere application server feature pack for web services/8.0.0.8
version/ibm websphere application server feature pack for web services/8.0.0.9
version/ibm websphere application server feature pack for web services/8.0.0.10
version/ibm websphere application server feature pack for web services/8.0.0.11
version/ibm websphere application server feature pack for web services/8.0.0.12
version/ibm websphere application server feature pack for web services/8.5.0.0
version/ibm websphere application server feature pack for web services/8.5.5.4
version/ibm websphere application server feature pack for web services/8.5.5.5
version/ibm websphere application server feature pack for web services/8.5.5.6
version/ibm websphere application server feature pack for web services/8.5.5.7
version/ibm websphere application server feature pack for web services/8.5.5.8
version/ibm websphere application server feature pack for web services/8.5.5.9