The latest security flaw affecting IBM WebSphere Application Server has been identified and fixed. WebSphere is a secure, scalable and reliable environment for running applications and services. The flaw stems from an error in the bundled Java runtime, specifically in the doubleValue() method of FloatingDecimal.java, which can loop indefinitely while converting certain decimal strings to a double (CVE-2010-4476). A remote attacker can exploit this to cause a denial of service (DoS): any request whose data the server or a deployed application parses as a floating-point number can pin a thread at 100% CPU until the JVM is restarted. Security patches have been published and users are advised to apply them.
IBM WebSphere Application Server Java Denial of Service Vulnerability
Secunia Advisory SA43296
Release Date 2011-02-10
Last Update 2011-02-11
Criticality level Moderately critical
Impact DoS
Where From remote
Solution Status Vendor Patch
Software:
IBM WebSphere Application Server 6.0.x
IBM WebSphere Application Server 6.1.x
IBM WebSphere Application Server 7.0.x
CVE Reference(s) CVE-2010-4476
Description
IBM has acknowledged a vulnerability in IBM WebSphere Application Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by a flaw in the bundled version of IBM Java: converting certain decimal strings to a double in FloatingDecimal.doubleValue() does not terminate, so a single crafted value reaching a number-parsing code path hangs the processing thread.
For more information:
SA43295
The vulnerability is reported in versions 6.1.0.35 and prior, 6.0.2.43 and prior, and 7.0.0.13 and prior.
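The following self-test is an added example for this advisory, not code from IBM or Secunia. It determines whether a given Java runtime still carries the CVE-2010-4476 defect by parsing the known trigger value 2.2250738585072012e-308 (just below Double.MIN_NORMAL; Double.parseDouble() goes through FloatingDecimal.doubleValue()) on a daemon thread and treating a timeout as a positive result. The class name, the thread name and the 3000 ms default timeout are the example's own choices. It is written with anonymous classes rather than lambdas so that it compiles on the Java 5/6 runtimes shipped with the affected WebSphere 6.0/6.1/7.0 releases.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

/**
 * Self-test for CVE-2010-4476 (FloatingDecimal.doubleValue() hang).
 * Example code for this advisory page; not part of any IBM deliverable.
 * Anonymous classes are used instead of lambdas so the check compiles on
 * the Java 5/6 runtimes bundled with WebSphere 6.0.x, 6.1.x and 7.0.x.
 */
public class FloatingDecimalHangCheck {

    /** Decimal string that makes a vulnerable FloatingDecimal loop forever. */
    static final String TRIGGER = "2.2250738585072012e-308";

    /**
     * Returns true if parsing TRIGGER does not finish within timeoutMillis,
     * i.e. the runtime still carries the CVE-2010-4476 defect.
     */
    public static boolean isVulnerable(long timeoutMillis) throws InterruptedException {
        // Daemon thread: on a vulnerable JVM the parse never returns and cannot be
        // interrupted, so the JVM must be able to exit without waiting for it.
        ExecutorService executor = Executors.newSingleThreadExecutor(new ThreadFactory() {
            public Thread newThread(Runnable r) {
                Thread t = new Thread(r, "cve-2010-4476-probe");
                t.setDaemon(true);
                return t;
            }
        });
        Future<Double> result = executor.submit(new Callable<Double>() {
            public Double call() {
                return Double.parseDouble(TRIGGER);
            }
        });
        try {
            // A fixed runtime returns promptly with the correct denormal value.
            result.get(timeoutMillis, TimeUnit.MILLISECONDS);
            return false;
        } catch (TimeoutException hang) {
            result.cancel(true);
            return true;
        } catch (ExecutionException parseFailure) {
            // An exception from parseDouble would be unexpected, but it is not the hang.
            return false;
        } finally {
            executor.shutdownNow();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        long timeout = args.length > 0 ? Long.parseLong(args[0]) : 3000L;
        boolean vulnerable = isVulnerable(timeout);
        System.out.println(System.getProperty("java.vendor") + " "
                + System.getProperty("java.version") + ": "
                + (vulnerable ? "VULNERABLE (parse hung)" : "not affected"));
        System.exit(vulnerable ? 1 : 0);
    }
}
```

Run it with the JDK that WebSphere actually uses (the bundled runtime normally lives under the WebSphere installation root in a java directory; the exact path is an assumption here) rather than with a system JDK, since the APARs above update that bundled copy. Do not run it inside the application server JVM itself: on a vulnerable runtime the probe thread keeps spinning at full CPU for the life of the process, which is exactly the condition the advisory describes. Exit status 1 means the runtime is still affected.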
Solution
Apply APARs PM32177, PM32175, and PM32192.
Original Advisory
IBM (PM32177, PM32175, PM32192):
http://www.ibm.com/support/docview.wss?uid=swg24029090
http://www.ibm.com/support/docview.wss?uid=swg24029103
http://www.ibm.com/support/docview.wss?uid=swg24029102