Summary
The host is running IBM WebSphere Application Server and is prone to a denial-of-service vulnerability.
Impact
Successful exploitation allows attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Impact Level: Application
Solution
Upgrade to version 6.1.0.43, 7.0.0.23, 8.0.0.3, or later. For updates, refer to http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24031034
Insight
The flaw is due to an error in computing hash values for 'form' parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service.
Affected
- IBM WebSphere Application Server (WAS) 6.0 to 6.0.2.43
- IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43
- IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.23
- IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.3
References
Severity
Classification
CVE: CVE-2012-0193
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P