CVE-2014-0943

Name of the Vulnerable Software and Affected Versions IBM WebSphere Commerce versions 6.0 Feature Pack 2 through Feature Pack 5 IBM WebSphere Commerce versions 7.0.0.0 through 7.0.0.8 IBM WebSphere Commerce versions 7.0 Feature Pack 1 through Feature Pack 7

Description The issue allows remote attackers to cause a denial of service, resulting in resource consumption and daemon crash, by sending a request with a malformed id parameter.

Recommendations For IBM WebSphere Commerce versions 6.0 Feature Pack 2 through Feature Pack 5, avoid using the malformed id parameter in requests until a fix is available. For IBM WebSphere Commerce versions 7.0.0.0 through 7.0.0.8, restrict access to the affected module to minimize the risk of exploitation. For IBM WebSphere Commerce versions 7.0 Feature Pack 1 through Feature Pack 7, consider disabling the vulnerable function until a patch is available.