Description
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- ibm / websphere_application_server9.0 – 9.0
- ibm / websphere_application_server9.0.0 – 9.0.0
- ibm / websphere_application_server8.5 – 8.5
- ibm / websphere_application_server8.5.0 – 8.5.0
- ibm / websphere_application_server___liberty17.0.0.3 – 17.0.0.3
- ibm / websphere_application_server___liberty26.0.0.6 – 26.0.0.6