Security Bulletin: IBM MQ Light - Improper handling of authentication credentials (CVE-2015-1958)

Summary

IBM MQ Light is vulnerable to a denial of service, caused by an improper handling of authentication credentials. By constructing particular byte sequences a remote attacker could cause consumption of all available disk resources.

Vulnerability Details

CVEID: CVE-2015-1958**
DESCRIPTION:** IBM MQ Light is vulnerable to a denial of service, caused by an improper handling of authentication credentials. By constructing particular byte sequences a remote attacker could cause consumption of all available disk resources.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103484 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Affected Products and Versions

The vulnerabilities affect users of IBM MQ Light V1.0 and V1.0.0.1 on all platforms.

Remediation/Fixes

Download and install the latest MQ Light Server appropriate for your platform from <https://developer.ibm.com/messaging/mq-light/&gt;.

The following link describes how to re-use the data from your existing installation: _
__http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm _.

Workarounds and Mitigations

None