15 matches found
IBM MQ DoS (7271937)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271937 advisory. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...
DoS (Denial of Service) org.bitbucket.b_c:jose4j Dependency in Confluence Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.2.14, 9.3.1, 9.4.0, 9.5.1, and 10.2.3 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service
Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-29371 Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS...
Denial Of Service (DoS)
org.bitbucket.bc:jose4j is vulnerable to a Denial-of-Service DoS. The vulnerability is due to improper handling of highly compressed JSON Web Encryption JWE tokens, which allows an attacker to supply a malicious token with an excessive compression ratio that triggers significant memory allocation...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Denial-of-Service (DoS) due to use of jose4j library
Summary jose.4.j library in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the secure token-based authentication and encryption mechanisms. CVE-2024-29371. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.5, an attacker can cause a...
CVE-2024-29371
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
jose4j: denial of service via specially crafted JWE
A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...
jose4j: denial of service via specially crafted JWE
A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...
jose4j: denial of service via specially crafted JWE
A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...
Security Bulletin: IBM Master Data Management affected by vulnerabilities in IBM WebSphere Application Server (CVE-2023-51775)
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server . IBM WebSphere Application uses the jose4j library which was found to be vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2...
jose4j: denial of service via specially crafted JWE
A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...
Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2023-31582, CVE-2023-51775)
Summary The Jose4j library is vulnerable to a denial of service, caused by improper input validation. It could also allow a remote attacker to obtain sensitive information using cryptographic attacks. Vulnerability Details CVEID:CVE-2023-31582 DESCRIPTION: Jose4J could allow a remote attacker to...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to a denial of service due to jose4j (CVE-2023-51775)
Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and used by the IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications. Vulnerability Details Refer to the security bulletins listed in the...
Vulnerability fixed in IBM Websphere Application Server
IBM has fixed a vulnerability in Websphere Application Server. The vulnerability is located in the underlying jose4j library and allows an unauthenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability in Websphere Application Server. For...
Security Bulletin: IBM Content Navigator is vulnerable to an Elliptic Curve Key Disclosure.
Summary IBM Content Navigator has addressed the following vulnerability. A potential vulnerability in the jose4j module could allow information disclosure. Vulnerability Details Third Party Entry: 186425 DESCRIPTION: jose.4.j library key information disclosure CVSS Base score: 8.7 CVSS Temporal...