Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Monday, 1 April 2019

IBM WebSphere Application Server 7.5/8.0/8.5/9.0 Admin Console CPU Exhaustion denial of service

A vulnerability classified as critical has been found in IBM WebSphere Application Server 7.5/8.0/8.5/9.0 (Application Server Software). It affects an unknown function of the Admin Console component. Manipulation with an unknown input leads to a denial of service through CPU exhaustion. The issue is classified as CWE-400. The impact is on availability.

The weakness was disclosed on 04/02/2019. The advisory is available at exchange.xforce.ibmcloud.com. The vulnerability has been tracked as CVE-2019-4080 since 01/03/2019. Exploitation is reported to be easy. The attack can be launched remotely and requires a single authentication. Technical details are unknown and no exploit is available. The structure of the vulnerability suggests a possible price range of USD $5k-$25k at the moment (estimate calculated on 04/02/2019).

No information about possible countermeasures is known. Replacing the affected object with an alternative product may be advisable.

CVSSv3

VulDB Meta Base Score: 6.5
VulDB Meta Temp Score: 6.5

VulDB Base Score: 6.5
VulDB Temp Score: 6.5

NVD Base Score: 6.5

Exploiting

Class: Denial of service / CPU Exhaustion (CWE-400)
Local: No
Remote: Yes

Status: Not defined

Countermeasures

Recommended: no mitigation known

Timeline

01/03/2019 CVE assigned
04/02/2019 Advisory disclosed
04/02/2019 VulDB entry created
04/02/2019 VulDB last update

Sources

Advisory: exchange.xforce.ibmcloud.com

CVE: CVE-2019-4080

Entry

Created: 04/02/2019 09:20 PM

Author: VulDB

Categories: VulDB
