CVE-2014-0963 - The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISA

CVE-2014-0963

Summary

The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages. Per: http://www-01.ibm.com/support/docview.wss?uid=swg21672192 "Affected Products and Versions All versions of IBM Security Access Manager for Web, both software and appliance: 7.0, 8.0"

References

Vulnerable Configurations

cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*

CVSS

Base:	7.1 (as of 29-08-2017 - 01:34)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:C

refmap via4

aixapar	IV59660
bid	67238
confirm	http://www-01.ibm.com/support/docview.wss?uid=swg21672192 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www-304.ibm.com/support/docview.wss?uid=swg21680803 http://www.ibm.com/support/docview.wss?uid=swg21675496
sectrack	1030707
secunia	58845 59245 59249
xf	ibm-gskit-cve20140963-dos(92844)

Last major update

29-08-2017 - 01:34

Published

08-05-2014 - 10:55

Last modified

29-08-2017 - 01:34