Release date:
Updated on:
Affected Systems:
IBM WebSphere Commerce 7.x
IBM WebSphere Commerce 6.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67411
CVE (CAN) ID: CVE-2014-0943
IBM WebSphere Commerce is the industry-leading next-generation e-Commerce solution.
The Enterprise, Professional, Express, and Developer editions of IBM WebSphere Commerce contain a denial-of-service vulnerability. By sending malformed requests that target the id parameter, an attacker can cause the server to exhaust its resources and crash.
<* Source: IBM (ncsupp@ca.ibm.com)
Link: http://www.securelist.com/en/advisories/58534
http://www-01.ibm.com/support/docview.wss?uid=swg21671377
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
IBM has released a Security Bulletin (swg21671377) and corresponding patches for this issue:
swg21671377: WebSphere Commerce vulnerable to denial of service (DoS) attack (CVE-2014-0943)
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21671377
Patch download: http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.1-WS-WCServer-IFJR49881&productid=WebSphere%20Commerce&brandid=5