7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.015 Low
EPSS
Percentile
86.8%
A potential denial of service vulnerability in SSL handshake processing in IBM HTTP Server (IHS).
CVEID: CVE-2013-6329
Description: Potential denial of service in SSL handshake processing.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88939 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
**VERSIONS AFFECTED:**This problem affects the IBM HTTP Server component in all editions of WebSphere Application Server and bundling products:
Β· Version 8.5.5
Β· Version 8.5
Β· Version 8
Β· Version 7
Β· Version 6.1
The recommended solution is to apply the Fix Pack or PTF for each named product as soon as practical
**Fix:**Apply a Fix Pack or PTF containing APAR PI05309, as noted below:
For affected IBM HTTP Server for WebSphere Application Server:
For V8.5.0.0 through 8.5.5.1 Full Profile:
Apply Interim Fix PI05309
--ORβ
Apply Fix Pack 8.5.5.2 or later.
**
For V8.0 through 8.0.0.8:**
Apply Interim Fix PI05309
--ORβ
Apply Fix Pack 8.0.0.9 or later.
For V7.0.0.0 through 7.0.0.31:
Due to a publishing issue with PI05309 for Version 7 only, apply PI09443 which supercedes the fix for PI05309
Apply Interim Fix PI09443
--ORβ
Apply Fix Pack 7.0.0.33 or later.
**
For V6.1.0.0 through 6.1.0.47:**
Apply Interim Fix PI05309
Disabling the SSLv3 Session cache will circumvent this issue, but may lead to higher CPU usage. To use the circumvention:
For Windows platforms, do one of the following:
--ORβ
For IBM HTTP Server Version 8.0.0.0 or later:
Any Release:
--ORβ