ID CVE-2002-1153
Summary IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".
References
Vulnerable Configurations
  • IBM WebSphere Application Server 4.0.3
    cpe:2.3:a:ibm:websphere_application_server:4.0.3
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
NASL family Web Servers
NASL id WEBSPHERE_TOO_LONG_HEADER.NASL
description It was possible to kill the WebSphere server by sending an invalid request for a .jsp with a too long Host: header. An attacker may exploit this vulnerability to make your web server crash continually.
last seen 2019-01-16
modified 2018-11-15
plugin id 11181
published 2002-12-02
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11181
title IBM WebSphere HTTP Request Header Remote Overflow
refmap via4
bid 5749
bugtraq 20020919 KPMG-2002035: IBM Websphere Large Header DoS
confirm ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt
osvdb 2092
xf websphere-host-header-bo(10140)
Last major update 17-10-2016 - 22:24
Published 11-10-2002 - 00:00
Back to Top