Systems Affected
- IBM Security Access Manager for Web 7.0
- IBM Security Access Manager for Web 8.0
- IBM Tivoli Access Manager 5.1
- IBM Tivoli Access Manager 6.0.0
- IBM Tivoli Access Manager 6.1.0
- IBM Tivoli Access Manager 6.1.1
Threat Level
Overview
A vulnerability has been reported in IBM Security Access Manager (ISAM) which could allow a remote attacker to cause a denial of service (infinite loop).
Description
This vulnerability exists in IBM Security Access Manager (ISAM) due to the way the Reverse Proxy component handles certain SSL messages. It could cause CPU utilization to increase rapidly and not decrease, resulting in CPU exhaustion and unresponsiveness.
Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service (DoS).
Note: The condition occurs only in a certain error case.
Impact
Solution/Workarounds
- Update to the latest version of Mozilla Firefox on Windows, Linux and Mac.
References
http://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2014-0122
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.