A new security flaw affecting IBM WebSphere Application Server for z/OS has been discovered and fixed. The product is a secure, scalable and reliable environment for running applications and services. The flaw is caused by a memory leak in the "apr_brigade_split_line()" function in the file "buckets/apr_brigade.c". This allows a remote attacker to carry out a denial-of-service (DoS) attack. To protect against potential attacks, users are advised to install the update.
IBM WebSphere Application Server for z/OS "apr_brigade_split_line()" Denial of Service
Secunia Advisory SA43211
Release Date 2011-02-04
Criticality level Moderately critical
Impact DoS
Where From remote
Solution Status Vendor Patch
Software:
IBM WebSphere Application Server 7.0.x
CVE Reference(s) CVE-2010-1623
Description
IBM has acknowledged a vulnerability in IBM WebSphere Application Server for z/OS, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information see vulnerability #2 in:
SA41701
Solution
Apply APAR PM23263 or update to version 7.0.0.15 when it becomes available.
Original Advisory
IBM (PM23263):
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601