5

CVE-2012-0193

IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Application Server Version6.0.0.0
IbmWebsphere Application Server Version6.0.0.2
IbmWebsphere Application Server Version6.0.0.3
IbmWebsphere Application Server Version6.0.1.0
IbmWebsphere Application Server Version6.0.1.11
IbmWebsphere Application Server Version6.0.1.12
IbmWebsphere Application Server Version6.0.2.0
IbmWebsphere Application Server Version6.0.2.1
IbmWebsphere Application Server Version6.0.2.2
IbmWebsphere Application Server Version6.0.2.3
IbmWebsphere Application Server Version6.0.2.4
IbmWebsphere Application Server Version6.0.2.5
IbmWebsphere Application Server Version6.0.2.6
IbmWebsphere Application Server Version6.0.2.7
IbmWebsphere Application Server Version6.0.2.8
IbmWebsphere Application Server Version6.0.2.9
IbmWebsphere Application Server Version6.0.2.11
IbmWebsphere Application Server Version6.0.2.13
IbmWebsphere Application Server Version6.0.2.15
IbmWebsphere Application Server Version6.0.2.17
IbmWebsphere Application Server Version6.0.2.19
IbmWebsphere Application Server Version6.0.2.21
IbmWebsphere Application Server Version6.0.2.23
IbmWebsphere Application Server Version6.0.2.25
IbmWebsphere Application Server Version6.0.2.27
IbmWebsphere Application Server Version6.0.2.29
IbmWebsphere Application Server Version6.0.2.31
IbmWebsphere Application Server Version6.0.2.33
IbmWebsphere Application Server Version6.0.2.35
IbmWebsphere Application Server Version6.0.2.37
IbmWebsphere Application Server Version6.0.2.43
IbmWebsphere Application Server Version6.1.0.0
IbmWebsphere Application Server Version6.1.0.1
IbmWebsphere Application Server Version6.1.0.3
IbmWebsphere Application Server Version6.1.0.5
IbmWebsphere Application Server Version6.1.0.7
IbmWebsphere Application Server Version6.1.0.9
IbmWebsphere Application Server Version6.1.0.11
IbmWebsphere Application Server Version6.1.0.13
IbmWebsphere Application Server Version6.1.0.14
IbmWebsphere Application Server Version6.1.0.15
IbmWebsphere Application Server Version6.1.0.17
IbmWebsphere Application Server Version6.1.0.19
IbmWebsphere Application Server Version6.1.0.21
IbmWebsphere Application Server Version6.1.0.23
IbmWebsphere Application Server Version6.1.0.25
IbmWebsphere Application Server Version6.1.0.27
IbmWebsphere Application Server Version6.1.0.33
IbmWebsphere Application Server Version6.1.0.35
IbmWebsphere Application Server Version6.1.0.37
IbmWebsphere Application Server Version6.1.0.39
IbmWebsphere Application Server Version6.1.0.41
IbmWebsphere Application Server Version7.0.0.1
IbmWebsphere Application Server Version7.0.0.2
IbmWebsphere Application Server Version7.0.0.3
IbmWebsphere Application Server Version7.0.0.5
IbmWebsphere Application Server Version7.0.0.7
IbmWebsphere Application Server Version7.0.0.9
IbmWebsphere Application Server Version7.0.0.11
IbmWebsphere Application Server Version7.0.0.13
IbmWebsphere Application Server Version7.0.0.15
IbmWebsphere Application Server Version7.0.0.17
IbmWebsphere Application Server Version7.0.0.19
IbmWebsphere Application Server Version7.0.0.21
IbmWebsphere Application Server Version8.0.0.0
IbmWebsphere Application Server Version8.0.0.1
IbmWebsphere Application Server Version8.0.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.4% 0.819
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/78321
http://www-01.ibm.com/support/docview.wss?uid=swg1PM53930
http://www-01.ibm.com/support/docview.wss?uid=swg21577532
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24031821
Patch
Vendor Advisory