ID CVE-2016-8919
Summary IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_application_server:9.0
  • cpe:2.3:a:ibm:websphere_application_server:8.5.5
  • IBM WebSphere Application Server 8.0
    cpe:2.3:a:ibm:websphere_application_server:8.0
  • IBM WebSphere Application Server 7.0
    cpe:2.3:a:ibm:websphere_application_server:7.0
CVSS
Base: 7.8 (as of 10-02-2017 - 13:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: COMPLETE
nessus via4
NASL family Web Servers
NASL id WEBSPHERE_SWG21993797.NASL
description The IBM WebSphere Application Server running on the remote host is version 7.0.0.x prior to 7.0.0.43, 8.0.0.x prior to 8.0.0.14, 8.5.x prior to 8.5.5.12, or 9.0.0.x prior to 9.0.0.4. It is, therefore, affected by an input validation flaw in SOAP connectors that allows a remote user to cause serialized objects to run, consuming excessive resources on the target system.
last seen 2019-01-16
modified 2017-08-18
plugin id 102586
published 2017-08-18
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=102586
title IBM WebSphere Application Server 7.0.0.x < 7.0.0.43 / 8.0.0.x < 8.0.0.14 / 8.5.x < 8.5.5.12 / 9.0.0.x < 9.0.0.4 SOAP Connectors DoS
refmap via4
bid 95650
confirm http://www.ibm.com/support/docview.wss?uid=swg21993797
sectrack 1037710
Last major update 13-02-2017 - 17:20
Published 01-02-2017 - 17:59