Release date:
Updated on:
Affected Systems:
IBM WebSphere Application Server 8.x
IBM WebSphere Application Server 7.x
IBM WebSphere Application Server 6.x
Unaffected systems:
IBM WebSphere Application Server 8.0.0.4
IBM WebSphere Application Server 6.1.0.45
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 55185
CVE ID: CVE-2012-2190
IBM WebSphere Application Server (WAS) is an application server developed and released by IBM in compliance with open standards.
In IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, a remote denial-of-service vulnerability exists in the implementation of the IBM Global Security Kit (GSKit) used in the IBM HTTP Server. A specially crafted ClientHello message in the TLS handshake protocol can cause a denial of service.
<* Source: IBM (ncsupp@ca.ibm.com)
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21606096
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ers.ibm.com/
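
To triage an inventory against the fix levels named in the description, the following added example (not part of the original advisory or any IBM tooling) compares each installed version with the fixed level for its branch. It assumes the fix pack level is available as a four-part version string; the host names and the inventory format are constructed for illustration.

```python
import re

# Fixed levels per branch, taken from the advisory text above.
FIXED = {
    (6, 1): (6, 1, 0, 45),
    (7, 0): (7, 0, 0, 25),
    (8, 0): (8, 0, 0, 4),
    (8, 5): (8, 5, 0, 1),
}

def parse_version(text):
    """Turn '7.0.0.23' into (7, 0, 0, 23); raise ValueError if malformed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip(), re.ASCII)
    if m is None:
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(version_text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"  # branch has no fix level listed in the advisory
    return "vulnerable" if version < fixed else "fixed"

def triage(inventory_lines):
    """Map host -> status from 'host version' lines; skip blanks and comments."""
    result = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(" ")
        result[host] = classify(version)
    return result

# Constructed sample inventory (hypothetical host names).
SAMPLE = ["# host version", "was-a 6.1.0.43", "was-b 7.0.0.25",
          "was-c 8.5.0.0", "was-d 8.0.0.4", "was-e 9.0.0.1", "was-f 7.0"]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, since the advisory gives no fix level for their branch or the version string could not be parsed.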