alerts

Follow @SLCERT

Home
About Us
Services
Knowledge Base
- Policies
- Case Studies
- Best Practices
- Security Tools
- Cyber Guardian
- Alerts
- General
- News
- Statistics
- FAQ
Procurement
Downloads
Events
Contact Us
- Contact Us
- Subscribe

News

More...

Alerts

More...

Events

More...

Denial of Service Vulnerability in IBM WebSphere

Systems Affected

WebSphere Commerce versions 6.0 Feature Pack 2 - 5
WebSphere Commerce versions 7.0.0.0 - 7.0.0.7
WebSphere Commerce versions 7.0 Feature Pack 1 - 7

Threat Level

			High

Overview

A vulnerability has been reported in IBM WebSphere Commerce Enterprise, Professional, Express, and Developer editions which could be exploited by an attacker to cause denial of service conditions.

Description

This vulnerability is caused due to improper handling of 'id' parameter values.

An attacker could exploit this vulnerability by sending a specially crafted value of the 'id' parameter, hence causing disproportionate consumption of resources thereby causing the system to crash.

Impact

Solution/ Workarounds

Install updated software as mentioned by the vendor

http://www-01.ibm.com/support/docview.wss?uid=swg21671377

References

http://www.cert-in.org.in/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.