PT-2022-15372 · Eclipse+1 · Jetty+2
Published
2022-02-23
·
Updated
2022-03-02
·
CVE-2022-22333
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Sterling Secure Proxy versions 3.4.3.2, 6.0.2.0, 6.0.3.0
IBM Sterling External Authentication Server (affected versions not specified)
Description
A buffer overflow issue exists due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service.
Recommendations
For IBM Sterling Secure Proxy versions 3.4.3.2, 6.0.2.0, 6.0.3.0, consider restricting access to the Jetty based GUI in the Secure Zone until a patch is available.
For IBM Sterling External Authentication Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Sterling External Authentication Server
Ibm Sterling Secure Proxy
Jetty