PT-2014-3961 · Ibm · Ibm Websphere Commerce

Published

2014-05-25

·

Updated

2019-09-30

·

CVE-2014-0943

CVSS v2.0

7.1

High

VectorAV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions IBM WebSphere Commerce versions 6.0 Feature Pack 2 through Feature Pack 5 IBM WebSphere Commerce versions 7.0.0.0 through 7.0.0.8 IBM WebSphere Commerce versions 7.0 Feature Pack 1 through Feature Pack 7
Description The issue allows remote attackers to cause a denial of service, resulting in resource consumption and daemon crash, by sending a request with a malformed id parameter.
Recommendations For IBM WebSphere Commerce versions 6.0 Feature Pack 2 through Feature Pack 5, avoid using the malformed id parameter in requests until a fix is available. For IBM WebSphere Commerce versions 7.0.0.0 through 7.0.0.8, restrict access to the affected module to minimize the risk of exploitation. For IBM WebSphere Commerce versions 7.0 Feature Pack 1 through Feature Pack 7, consider disabling the vulnerable function until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-0943

Affected Products

Ibm Websphere Commerce