Saturday, 6 August 2016

On 02:14 by admin
A vulnerability classified as problematic was found in IBM WebSphere Application Server 7.0/8.0/8.5/8.5.5/9.0.0.0. It affects an unknown function of the SIP Handler component. Manipulation with an unknown input leads to a denial of service, which impacts availability.
The weakness was disclosed on 08/04/2016 as swg21984796 / 1984796 in a confirmed security bulletin (Website). The advisory is available for download at www-01.ibm.com. The vulnerability is uniquely identified as CVE-2016-2960. Exploitability is reported to be easy, and the attack can be initiated remotely. Neither technical details nor an exploit are publicly available.
Applying the patch APAR PI61548 eliminates this problem. A possible mitigation was published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at SecurityTracker (ID 1036514).

CVSSv3

Base Score: 4.3
Temp Score: 4.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
Reliability: Medium

CVSSv2

Base Score: 4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P) 
Temp Score: 3.5 (CVSS2#E:ND/RL:OF/RC:C) 
Reliability: Medium

Vector   | Complexity | Authentication | Confidentiality | Integrity | Availability
Local    | High       | Multiple       | None            | None      | None
Adjacent | Medium     | Single         | Partial         | Partial   | Partial
Network  | Low        | None           | Complete        | Complete  | Complete

CPE

Exploiting

Class: Denial of service
Local: No
Remote: Yes

Countermeasures

Recommended: Patch
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Patch: APAR PI61548
