IBM WebSphere Lets Remote Users Deny Service By Sending Large HTTP Header Values
|
|
SecurityTracker Alert ID: 1015857 |
|
SecurityTracker URL: http://securitytracker.com/id/1015857
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 3 2006
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.0.1 - 4.0.3
|
Description:
A vulnerability was reported in IBM WebSphere. A remote user can cause denial of service conditions.
A remote user can send an HTTP request with specially crafted, large headers to cause the target web server to crash.
|
Impact:
A remote user can cause the target web service to crash.
|
Solution:
The vendor has issued an APAR (PQ62144) and also a fixed version (Fix Pack 4, known also as 4.0.4).
The vendor's advisory is available at:
http://www-1.ibm.com/support/docview.wss?uid=swg21053738
|
Vendor URL: www.ibm.com/support/docview.wss?uid=swg21053738 (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 3 Apr 2006 01:19:59 -0400
Subject: IBM WebSphere Application Server vulnerability
|
http://www-1.ibm.com/support/docview.wss?uid=swg21053738
Possible security exposure with Web servers running with IBM WebSphere Application
Server Version 4.0 release plug-ins (APAR PQ62144 and Fix Pack 4.0.4)
|
|
