SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Server/CGI)  >  IBM WebSphere Vendors:  IBM
IBM WebSphere Can Be Crashed By Remote Users Sending Large HTTP Headers
SecurityTracker Alert ID:  1010797
SecurityTracker URL:  http://securitytracker.com/id?1010797
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 28 2004
Impact:  Denial of service via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): 4.0.1, 4.0.2, 4.0.3
Description:  A denial of service vulnerability was reported in IBM WebSphere. A remote user can cause the web service to crash.

IBM reported that a remote user can send a specially crafted HTTP request with large headers to cause the web service to crash.

This bug is documented in APAR PQ62144.
Impact:  A remote user can cause the web service to crash.
Solution:  IBM has released a fixed version (4.0.4), also known as Fix Pack 4 for IBM WebSphere Application Server Version 4.0.

The interim APAR fix PQ62144 and the WebSphere Application Server Fix Pack 4.0.4 are available at:

http://www.ibm.com/software/webservers/appserv/was/support/

Then, search for "PQ62144" or "Fix Pack 4.0".
Vendor URL:  www.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21053738&loc=en_US&cs=utf-8&lang=en+en (Links to External Site)
Cause:  Exception handling error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   None.

 Source Message Contents
Date:  Wed, 28 Jul 2004 02:17:28 -0400
Subject:  Reference number 1053738

 

http://www.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21053738&loc=en_US
&cs=utf-8&lang=en+en

Reference number 1053738

 > Possible security exposure with Web servers running with IBM WebSphere
 > Application Server Version 4.0 release plug-ins (APAR PQ62144 and Fix Pack 4.0.4)

IBM reported a vulnerability in IBM WebSphere Application Server versions 4.0.1 through 
4.0.3 in the processing of HTTP requests.  A remote user can send a specially crafted HTTP 
request with large headers to cause the web service to crash.

This bug is documented in APAR PQ62144.

The following operating systems are affected: AIX, HPUX, Linux, Multi-Platform, Solaris, 
and Windows.

IBM has released a fixed version (4.0.4), also known as Fix Pack 4 for IBM WebSphere 
Application Server Version 4.0.

To download the interim APAR fix PQ62144 or WebSphere Application Server Fix Pack 4.0.4 
(or later):

    1. Go to http://www.ibm.com/software/webservers/appserv/was/support/
    2. Search for "PQ62144" or "Fix Pack 4.0" and download the latest 4.0.x Fix
       Pack of 4.0.4 or later.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC