Potential security exposure in versions of IBM HTTP Server (IHS) shipped with WebSphere Commerce (CVE-2011-3192)

Flash (Alert)


Abstract

A potential security exposure in versions of IBM HTTP Server (IHS) shipped with WebSphere Commerce can result in a denial of service.

Content

A security exposure was found in all versions of IHS that have shipped with WebSphere Commerce. The exposure allows HTTP requests that use byte ranges to specify ranges larger than the size of the file being served. A significant number of these requests can result in a denial of service.
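
The condition described above, byte ranges that reach past the end of the file being served, can be checked when reviewing request records. The following Python is an added example, not IBM code; the record layout (client, Range value, file size), the threshold and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

SPEC = re.compile(r"(\d*)-(\d*)")  # first-last, first-, or -suffix

def audit_range(header, file_size):
    """Compare a 'Range: bytes=...' value with the size of the file served.
    Returns None when malformed, else counts and the specs reaching past the end."""
    unit, sep, spec_list = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    report = {"specs": 0, "oversized": [], "requested": 0, "satisfiable": 0}
    for raw in (s.strip() for s in spec_list.split(",")):
        if not raw:
            continue  # empty list elements are tolerated
        m = SPEC.fullmatch(raw)
        if not m or raw == "-":
            return None
        first, last = m.groups()
        if first == "":  # suffix form: the last N bytes of the file
            want = int(last)
            have = min(want, file_size)
            past_end = want > file_size
        else:
            start = int(first)
            end = int(last) if last else file_size - 1
            if last and end < start:
                return None  # last byte position precedes the first
            want = max(0, end - start + 1)
            have = max(0, min(end, file_size - 1) - start + 1)
            past_end = end >= file_size or start >= file_size
        report["specs"] += 1
        report["requested"] += want
        report["satisfiable"] += have
        if past_end:
            report["oversized"].append(raw)
    return report if report["specs"] else None

def clients_over_threshold(records, threshold):
    """records: (client, Range value, file size); threshold is an assumed policy value."""
    hits = Counter()
    for client, header, size in records:
        report = audit_range(header, size)
        if report and report["oversized"]:
            hits[client] += 1
    return sorted(c for c, n in hits.items() if n >= threshold)

# Constructed sample records (documentation addresses), each for a 1000-byte file.
SAMPLE = [("192.0.2.10", "bytes=0-499", 1000)] + [("198.51.100.7", "bytes=0-99999", 1000)] * 3
```

With the constructed sample, `clients_over_threshold(SAMPLE, 3)` returns only the client that sent three requests whose ranges exceed the file size.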

Solution

All customers using IHS are advised to review the following IHS Flash for the most up-to-date information:
Potential security exposure with IBM HTTP Server 8.0 and earlier (PM46234) (CVE-2011-3192)

Cross Reference information
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Commerce | WebSphere Commerce - Express | Security | i5/OS, Linux, Windows | 7.0, 6.0, 5.6.1, 5.6 | Express |
| Commerce | WebSphere Commerce Business Edition | Security | AIX, i5/OS, Linux, Solaris, Windows, OS/390 | 5.6.1, 5.6 | Business Edition |
| Commerce | WebSphere Commerce Professional Edition | Security | AIX, i5/OS, Linux, Solaris, Windows | 7.0, 6.0, 5.6.1, 5.6 | Professional Edition |


Document information


More support for: WebSphere Commerce Enterprise, Security

Software version: 6.0, 7.0

Operating system(s): AIX, Linux, Solaris, Windows, i5/OS

Software edition: Enterprise

Reference #: 1512354

Modified date: 2011-09-02
