IBM WebSphere Application Server DoS Vulnerability

Release date:
Updated on:

Affected Systems:
IBM Websphere Application Server 8.5
IBM Websphere Application Server 8.0
IBM Websphere Application Server 7.0
IBM Websphere Application Server 6.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65096
CVE (CAN) ID: CVE-2013-6325

WebSphere is an integrated software platform for IBM. It includes on-demand Web applications that write, run, and monitor around the clock industrial intensity and the entire middleware infrastructure required for cross-platform and cross-product solutions, such as servers, services, and tools.

The IBM WebSphere Application Server 8.5, 8, and 7 versions do not properly process Web service endpoint requests. A denial of service vulnerability exists in implementation. Remote attackers can exploit this vulnerability to exhaust available resources.

<* Source: IBM (ncsupp@ca.ibm.com)

Link: http://xforce.iss.net/xforce/xfdb/88906
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.ibm.com/support/fixcentral/
Http://www-01.ibm.com/support/docview.wss? Uid = swg1PM99450
Http://www-01.ibm.com/support/docview.wss? Uid = swg21661323
Http://www-01.ibm.com/support/docview.wss? Uid = swg21661325