
Security Bulletin: Denial of Service with WebSphere Application Server affecting Rational Application Developer (CVE-2014-0964)

2020-02-05 00:09:48
www.ibm.com

EPSS

0.018

Percentile

88.3%

Summary

There is a potential denial of service with IBM WebSphere Application Server 6.0.2 and 6.1 that affects versions of WebSphere Application Server used with IBM Rational Application Developer.

Vulnerability Details

CVEID: CVE-2014-0964

Description: There is a potential denial of service on IBM WebSphere Application Server Version 6.1 and 6.0.2. If you run a Heartbleed scanning tool or send a specially crafted Heartbeat message to the server, it can cause the IBM SDK for Java for WebSphere Application Server to become stuck in a processing loop, resulting in high CPU usage. If enough processing loops are generated, the server may become unresponsive and require a server restart. There is no impact to confidentiality or integrity.

**CVSS Base Score:** 7.1
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92877> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** (AV:N/AC:M/Au:N/C:N/I:N/A:C)
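As an added example (not part of the IBM bulletin), the following Python recomputes the CVSS v2 base score from the vector string published above, using the standard CVSS v2.0 equations and metric weights, so the 7.1 can be verified rather than taken on trust. The severity bands are the NVD's v2 ratings (Low 0.0 to 3.9, Medium 4.0 to 6.9, High 7.0 to 10.0). Only the vector comes from the bulletin; the function and variable names are this example's own.

```python
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2.0 metric weights (published constants, not bulletin-specific).
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}   # shared by C, I and A

REQUIRED = ("AV", "AC", "Au", "C", "I", "A")


def parse_vector(vector: str) -> dict:
    """Parse '(AV:N/AC:M/Au:N/C:N/I:N/A:C)' into {'AV': 'N', 'AC': 'M', ...}.

    Parentheses are optional; every base metric must be present exactly once.
    """
    body = vector.strip().strip("()")
    metrics = {}
    for part in body.split("/"):
        key, sep, value = part.partition(":")
        if not sep or not value or key in metrics:
            raise ValueError(f"malformed or duplicate metric: {part!r}")
        metrics[key] = value
    missing = [k for k in REQUIRED if k not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return metrics


def impact_subscore(m: dict) -> float:
    # Impact = 10.41 * (1 - (1 - ConfImpact) * (1 - IntegImpact) * (1 - AvailImpact))
    return 10.41 * (1 - (1 - IMPACT[m["C"]]) * (1 - IMPACT[m["I"]]) * (1 - IMPACT[m["A"]]))


def exploitability_subscore(m: dict) -> float:
    # Exploitability = 20 * AccessVector * AccessComplexity * Authentication
    return 20 * ACCESS_VECTOR[m["AV"]] * ACCESS_COMPLEXITY[m["AC"]] * AUTHENTICATION[m["Au"]]


def base_score(vector: str) -> float:
    """CVSS v2 BaseScore, rounded half-up to one decimal as the spec requires."""
    m = parse_vector(vector)
    impact = impact_subscore(m)
    exploitability = exploitability_subscore(m)
    # f(Impact) is 0 when there is no impact at all, otherwise 1.176.
    f_impact = 0.0 if impact == 0 else 1.176
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    return float(Decimal(repr(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def severity(score: float) -> str:
    """NVD severity rating for a CVSS v2 base score."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


if __name__ == "__main__":
    bulletin_vector = "(AV:N/AC:M/Au:N/C:N/I:N/A:C)"  # vector from this bulletin
    score = base_score(bulletin_vector)
    print(f"{bulletin_vector} -> {score} ({severity(score)})")  # 7.1 (High)
```

The availability-only impact (C:N/I:N/A:C) gives an impact subscore of 6.8706 and the network/medium/no-auth exploitability subscore is 8.5888, which the formula combines to 7.124, rounded to the bulletin's 7.1. Rounding goes through `Decimal` with half-up because CVSS v2 specifies conventional rounding, and Python's `round()` uses banker's rounding.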

Affected Products and Versions

The SDK shipped with the IBM WebSphere Test Environment Version 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 packaged in Rational Application Developer 7.0, 7.5, and 8.0.

Remediation/Fixes

Upgrade the SDK of the WebSphere Test Environment to an interim fix level as determined below:

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
Rational Application Developer | 7.0 through 7.0.0.10 Interim Fix 002 | PI17772 | For versions V6.0.2.0 through 6.0.2.43, contact IBM Rational Application Developer support and request the WebSphere Test Environment v6.0 fix for APAR PI17772.
Rational Application Developer | 7.5 through 7.5.5.5 Interim Fix 001 | |
Rational Application Developer | 8.0 through 8.0.4.3 | PI17772 |

Note: The fix provided by WebSphere Application Server can also be directly applied to the WebSphere Test Environment packaged with Rational Application Developer.

Workarounds and Mitigations

If you are using Heartbleed tools to detect the OpenSSL Heartbleed vulnerability, you should stop the tool.

