CVE-2009-0433

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 5.1.x through 5.1.1.18 IBM WebSphere Application Server versions 6.0.x through 6.0.2.28 IBM WebSphere Application Server versions 6.1.x through 6.1.0.18

Description The issue allows attackers to cause a denial of service, resulting in a daemon crash, when Web Server plug-in content buffering is enabled. This is related to a mishandling of client read failures, where clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down.

Recommendations For IBM WebSphere Application Server versions 5.1.x through 5.1.1.18, update to version 5.1.1.19 or later. For IBM WebSphere Application Server versions 6.0.x through 6.0.2.28, update to version 6.0.2.29 or later. For IBM WebSphere Application Server versions 6.1.x through 6.1.0.18, update to version 6.1.0.19 or later.