
Denial of Service Vulnerability in IBM WebSphere

 

Systems Affected


  • WebSphere Commerce versions 6.0 Feature Pack 2 - 5
  • WebSphere Commerce versions 7.0.0.0 - 7.0.0.7
  • WebSphere Commerce versions 7.0 Feature Pack 1 - 7

Threat Level


High


Overview


A vulnerability has been reported in IBM WebSphere Commerce Enterprise, Professional, Express, and Developer editions which could be exploited by an attacker to cause denial of service conditions.


Description


This vulnerability is caused by improper handling of 'id' parameter values.

An attacker could exploit this vulnerability by sending a specially crafted value of the 'id' parameter, causing disproportionate consumption of resources and thereby causing the system to crash.


Impact



Solution/Workarounds


Install the updated software as mentioned by the vendor:

http://www-01.ibm.com/support/docview.wss?uid=swg21671377


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.