Potential Denial of Service (DoS) security exposure when using Web-based applications due to JavaHashTable implementation vulnerability.
This information is extracted from a FLASH from the IBM WebSphere Application Server support team, available in its entirety at this link: http://www.ibm.com/support/docview.wss?uid=swg21577532
Many IBM software applications run on top of the WebSphere Application Server and could be affected by this issue. Refer to your administrator, the system logs or installation records to determine if your environment is affected and follow the appropriate recommendations to address the problem.
CVE ID: CVE-2012-0193
The following IBM® WebSphere® Application Server Versions for distributed operating systems, IBM i operating systems, and z/OS operating systems are affected:
- Version 8.0 through 220.127.116.11.
- Version 7.0 through 18.104.22.168
- Version 6.1 through 22.214.171.124
- Version 6.0 through 126.96.36.199
Customers who have Web-based applications are impacted by this vulnerability which can cause performance or Denial of Service (DoS) issues.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72298 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Install Interim Fix for APAR PM53930 (or a ++APAR for WebSphere Application Server for z/OS), or a Fix Pack containing this APAR, as noted in the FLASH available from the WebSphere Application Server support team ( Link opens in a new window).
|Enterprise Content Management||IBM Web Content Manager||Portal Integration||AIX, HP-UX, i5/OS, IBM i, Linux, Solaris, Windows, z/OS||7.0, 6.1.5, 6.1.0, 6.1||Java edition|
|Organizational Productivity- Portals & Collaboration||Lotus Quickr for WebSphere Portal||Security||AIX, HP-UX, Linux, Windows||8.5, 8.1, 8.0||All Editions|
|Enterprise Content Management||Workplace Web Content Management||Portal Integration||AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS||6.0||Java edition|