[Japanese]

JVNDB-2011-000017

IBM WebSphere Application Server vulnerable to denial-of-service (DoS)

Overview

IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability.

IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).

According to the developer:

" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


IBM Corporation
  • IBM WebSphere Application Server from V6.0 to V6.0.2.43
  • IBM WebSphere Application Server from V6.1 to V6.1.0.35
  • IBM WebSphere Application Server from V7.0 to V7.0.0.13
Hewlett-Packard Development Company,L.P
  • HP Systems Insight Manager prior to v7.0

Impact

A remote attacker may cause a denial-of-service (DoS).
Solution

[Apply a patch]
Apply the appropriate patch according to the information provided by the developer.
Vendor Information

IBM Corporation Hewlett-Packard Development Company,L.P NEC Corporation
  • NEC Security Information : NV18-002 (in Japanese)
CWE (What is CWE?)

  1. Numeric Errors(CWE-189) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2010-4476
References

  1. JVN : JVN#26301278
  2. JVN Status Tracking Notes : JVNTR-2011-02
  3. National Vulnerability Database (NVD) : CVE-2010-4476
  4. Secunia Advisory : SA43295
  5. SecurityTracker : 1025062
Revision History

  • [2011/03/04]
      Web page published
    [2013/03/26]
      Affected Products : Product was added (HPSBMU02769 SSRT100846)
      Vendor Information : Content was added (HPSBMU02769 SSRT100846)
    [2018/02/07]
      Vendor Information : Content was added