Release date:
Updated on:
Affected Systems:
IBM MessageSight <1.1.0.0-IBM-IMA-IT01015
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66952
CVE (CAN) ID: CVE-2014-0922
IBM MessageSight is a fully functional messaging device designed for machine-to-machine (m2m) and mobile environments.
A Denial-of-Service vulnerability exists in IBM MessageSight 1.0, 1.1, and other versions. Remote attackers can use WebSockets connections to exhaust system resources on the MessageSight server, resulting in DOS.
<* Source: IBM (ncsupp@ca.ibm.com)
Link: http://xforce.iss.net/xforce/xfdb/92075
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.ibm.com/support/fixcentral/
Http://www-01.ibm.com/support/docview.wss? Uid = swg1IC98692
Http://www-01.ibm.com/support/docview.wss? Uid = swg21670278