IBM WebSphere HTTP Post Overflow

2002-09-19T00:00:00
ID OSVDB:2092
Type osvdb
Reporter OSVDB
Modified 2002-09-19T00:00:00

Description

Vulnerability Description

A buffer overflow vulnerability has been reported for IBM WebSphere 4.0.3 running on a Microsoft Windows 2000 platform. IBM WebSphere does not properly perform bounds checking when receiving HTTP requests. Specifically, the WebSphere plugin does not limit the size of the HTTP POST data received by the application server.

The application server will crash when it receives an overly large HTTP POST request.

Solution Description

A patch is available:

IBM WebSphere Application Server 4.0.3:

IBM Patch PQ62144

http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&q=PQ62144&uid=swg24001610

References:

Nessus Plugin ID: 11181

CVE-2002-1153

Bugtraq ID: 5749