PT-2024-20705 · Ibm · Ibm Websphere Application Server+1
Published
2024-04-25
·
Updated
2024-04-25
·
CVE-2024-25026
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Application Server versions 8.5 through 9.0
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.4
Description
The issue is caused by sending a specially crafted request, which could lead to a denial of service. A remote attacker could exploit this to cause the server to consume memory resources.
Recommendations
For IBM WebSphere Application Server versions 8.5 through 9.0, update to a version that is not affected by this issue.
For IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.4, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation.
Fix
DoS
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Websphere Application Server
Ibm Websphere Application Server Liberty