Summary
The host is running IBM WebSphere Application Server and is prone to a denial of service vulnerability.
Impact
Successful exploitation allows attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Impact Level: Application
Solution
Upgrade to version 6.1.0.43, 7.0.0.23, 8.0.0.3, or later. For updates, refer to http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24031034
Insight
The flaw is due to an error in computing hash values for 'form' parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service.
Affected
- IBM WebSphere Application Server (WAS) 6.0 to 6.0.2.43
- IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43
- IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.23
- IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.3
References
Severity
Classification
- CVE: CVE-2012-0193
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
- bozohttpd Security Bypass Vulnerability
- IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
- JServ Cross Site Scripting
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011