Troubleshooting
Problem
This document describes the PSIRT defect "host header injection" information on IBM PureApplication System V2.2.6.0 or IBM Cloud Pak System V2.3.0.x.
Security vulnerability details
This security vulnerability was fixed based on the following CVE details.
CVEID: CVE-2016-5699
DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base Score: 6.5
Background of the problem
The host header injection defect fix resulted in PSM host names getting converted to IP address.
When your system is upgraded to V2.2.6.0 or V2.3.0.x, the fix introduced “PSM host name getting converted to IP address on the existing system”.
The upgraded PSM URL does not appear with host names, the URL will contain IP address.
The upgraded PSM URL does not appear with host names, the URL will contain IP address.
Resolving The Problem
For host names to appear, the PSIRT must be disabled by IBM Support or SWAT.
Contact IBM Support or SWAT.
Document Location
Worldwide
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSM8NY","label":"PureApplication System"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"2.3.0.1;2.3.0.0;2.2.6.0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFQSV","label":"IBM Cloud Pak System Software"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"2.3.0.1;2.3.0.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
06 May 2020
UID
ibm11071862