IBM79F812F6C18EABA3AFF6F84A0ADA5A8E62100050014FE395A6BD19B42D3BEA39Security Bulletin: IBM MQ Light - Improper handling of authentication credentials (CVE-2015-1956)
0.002 Low
EPSS
Percentile
61.2%
Summary
IBM MQ Light is vulnerable to a denial of service, caused by an improper handling of authentication credentials. By constructing particular byte sequences a remote attacker could cause consumption of all available disk resources.
Vulnerability Details
CVEID: CVE-2015-1956**
DESCRIPTION:** IBM MQ Light is vulnerable to a denial of service, caused by an improper handling of authentication credentials. By constructing particular byte sequences a remote attacker could cause consumption of all available disk resources.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103481 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Affected Products and Versions
The vulnerability affects users of IBM MQ Light V1.0 and V1.0.0.1 on all platforms.
Remediation/Fixes
Download and install the latest MQ Light Server appropriate for your platform from <https://developer.ibm.com/messaging/mq-light/>.
The following link describes how to re-use the data from your existing installation: _
__http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm _.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm mq light | eq | 1.0 |
Related
0.002 Low
EPSS
Percentile
61.2%