Design/Logic Flaw

2012-08-2110:46:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

69.2%

JSON

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol.

CPENameOperatorVersion
websphere_application_servereq6.1.0.21
websphere_application_servereq6.1.0.31
websphere_application_servereq6.1.0.19
websphere_application_servereq6.1.0.2
websphere_application_servereq6.1.0.33
websphere_application_servereq6.1.0.25
websphere_application_servereq6.1.0.11
websphere_application_servereq6.1.0.41
websphere_application_servereq6.1.0.39
websphere_application_servereq6.1.0.43

Name	Operator	Version
websphere_application_server	eq	6.1.0.21
websphere_application_server	eq	6.1.0.31
websphere_application_server	eq	6.1.0.19
websphere_application_server	eq	6.1.0.2
websphere_application_server	eq	6.1.0.33
websphere_application_server	eq	6.1.0.25
websphere_application_server	eq	6.1.0.11
websphere_application_server	eq	6.1.0.41
websphere_application_server	eq	6.1.0.39
websphere_application_server	eq	6.1.0.43