Design/Logic Flaw

2008-10-2218:00:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

JSON

The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to “storage overlay” on the stack and a “parse failure.”

CPENameOperatorVersion
websphere_application_servereq6.0.2.1
websphere_application_servereq6.0.2.5
websphere_application_servereq6.0.2.13
websphere_application_servereq6.0.2.9
websphere_application_servereq6.0.2.11
websphere_application_servereq6.0.2.6
websphere_application_servereq6.0.2.2
websphere_application_servereq6.0.2
websphere_application_servereq6.0.2.15
websphere_application_servereq6.0.2.4

Name	Operator	Version
websphere_application_server	eq	6.0.2.1
websphere_application_server	eq	6.0.2.5
websphere_application_server	eq	6.0.2.13
websphere_application_server	eq	6.0.2.9
websphere_application_server	eq	6.0.2.11
websphere_application_server	eq	6.0.2.6
websphere_application_server	eq	6.0.2.2
websphere_application_server	eq	6.0.2
websphere_application_server	eq	6.0.2.15
websphere_application_server	eq	6.0.2.4