IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1PM53930 | |
http://www-01.ibm.com/support/docview.wss?uid=swg21577532 | Patch Vendor Advisory |
http://www-01.ibm.com/support/docview.wss?uid=swg24031821 | Patch Vendor Advisory |
http://osvdb.org/78321 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-01-19 20:04
Updated : 2012-01-26 20:04
NVD link : CVE-2012-0193
Mitre link : CVE-2012-0193
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
ibm
- websphere_application_server