IBM Support

Potential security exposure in versions of IBM HTTP Server (IHS) shipped with WebSphere Commerce (CVE-2011-3192)

Flash (Alert)


A potential security exposure that can result in a denial of service


A security exposure was found in all versions of IHS that have shipped with WebSphere Commerce. The exposure allows HTTP requests that use byte ranges to contain ranges larger than the size of the file being served. A significant number of these requests can result in a denial of service.
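A defensive check for the request pattern described above, as an added example that is not part of the IBM flash or of IHS itself: it finds byte ranges that reach past the size of the served file and lists clients that send many such requests. The function names, the threshold, and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter

_SPEC = re.compile(r"^(\d*)-(\d*)$")  # first-last, first-, or -suffix

def oversized_ranges(range_header, file_size):
    """Return the byte-range specs in a Range header that reach past file_size."""
    unit, sep, specs = range_header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return []
    hits = []
    for spec in (s.strip() for s in specs.split(",")):
        m = _SPEC.match(spec)
        if not m or m.group(0) == "-":
            continue  # malformed spec; not what this check looks for
        first, last = m.groups()
        if first == "":
            over = int(last) > file_size  # suffix form longer than the file
        else:
            over = int(first) >= file_size or (last != "" and int(last) >= file_size)
        if over:
            hits.append(spec)
    return hits

def noisy_clients(requests, threshold=3):
    """Clients that sent at least `threshold` requests carrying an oversized range."""
    counts = Counter(client for client, header, size in requests
                     if oversized_ranges(header, size))
    return sorted(c for c, n in counts.items() if n >= threshold)

# Constructed sample: (client address, Range header value, served file size in bytes)
SAMPLE = [
    ("192.0.2.10", "bytes=0-499", 1000),
    ("192.0.2.10", "bytes=500-", 1000),
    ("198.51.100.7", "bytes=0-5000", 1000),
    ("198.51.100.7", "bytes=0-99,2000-3000", 1000),
    ("198.51.100.7", "bytes=-4096", 1000),
    ("203.0.113.5", "bytes=900-1200", 1000),
]

if __name__ == "__main__":
    for client in noisy_clients(SAMPLE):
        print("review:", client)
```

A single range that runs past the end of a file is valid HTTP and is normally clamped by the server, so the per-client threshold, not one match, is what marks traffic for review.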


All customers using IHS are advised to review the following IHS Flash for the most up-to-date information:
Potential security exposure with IBM HTTP Server 8.0 and earlier (PM46234) (CVE-2011-3192)

Cross reference information
Segment | Product | Component | Platform | Version | Edition
Commerce | WebSphere Commerce - Express | Security | i5/OS, Linux, Windows | 7.0, 6.0, 5.6.1, 5.6 | Express
Commerce | WebSphere Commerce Business Edition | Security | AIX, i5/OS, Linux, Solaris, Windows, OS/390 | 5.6.1, 5.6 | Business Edition
Commerce | WebSphere Commerce Professional | Security | AIX, i5/OS, Linux, Solaris, Windows | 7.0, 6.0, 5.6.1, 5.6 | Professional Edition

Document information

More support for: WebSphere Commerce Enterprise

Software version: 6.0, 7.0

Operating system(s): AIX, IBM i, Linux, Solaris, Windows

Software edition: Enterprise

Reference #: 1512354

Modified date: 02 September 2011
