ID CVE-2014-0963
Summary The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages. Per: http://www-01.ibm.com/support/docview.wss?uid=swg21672192 "Affected Products and Versions All versions of IBM Security Access Manager for Web, both software and appliance: 7.0, 8.0"
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0:*:*:*:*:*:*:*
  • cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*
  • cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 29-08-2017 - 01:34)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
refmap via4
aixapar IV59660
bid 67238
confirm
sectrack 1030707
secunia
  • 58845
  • 59245
  • 59249
xf ibm-gskit-cve20140963-dos(92844)
Last major update 29-08-2017 - 01:34
Published 08-05-2014 - 10:55