
Remote Denial of Service Vulnerability in IBM Security Access Manager

 

Systems Affected


  • IBM Security Access Manager for Web 7.0
  • IBM Security Access Manager for Web 8.0
  • IBM Tivoli Access Manager 5.1
  • IBM Tivoli Access Manager 6.0.0
  • IBM Tivoli Access Manager 6.1.0
  • IBM Tivoli Access Manager 6.1.1

Threat Level


High


Overview


A vulnerability has been reported in IBM Security Access Manager (ISAM) that could allow a remote attacker to cause a denial of service (infinite loop).


Description


This vulnerability exists in IBM Security Access Manager (ISAM) due to the way the Reverse Proxy component handles certain SSL messages. This could cause CPU utilization to increase rapidly and not decrease, resulting in CPU exhaustion and unresponsiveness. Successful exploitation of this vulnerability could allow a remote attacker to cause a Denial of Service (DoS). Note: The condition occurs only in a certain error case.


Impact



Solution/Workarounds


Apply the appropriate patches as described in the IBM Security Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21672192


References


http://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2014-0122


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.