IBM WebSphere Application Server Hash Collisions DOS Vulnerability Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to denial of service vulnerability.

Impact

Successful exploitation will let attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Impact Level: Application

Solution

Upgrade to version 6.1.0.43 or 7.0.0.23 or 8.0.0.3 or later, For updates refer to http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24031034

Insight

The flaw is due to an error in computing hash values for 'form' parameters without restricting the ability to trigger hash collisions predictably which allows remote attackers to cause a denial of service.

Affected

IBM WebSphere Application Server (WAS) 6.0 to 6.0.2.43 IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43 IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.23 IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.3

References

Updated on 2017-03-28

Severity

Classification

CVE CVE-2012-0193

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Take action and discover your vulnerabilities