VYPR
Unrated severityNVD Advisory· Published Jun 29, 2015· Updated Jun 17, 2026

CVE-2015-0196

CVE-2015-0196

Description

CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

21
  • cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:*:*:*:*:*:*:*
    • (no CPE)range: 6.0 through 6.0.0.11, 7.0 before 7.0.0.8 Cumulative iFix 2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.