Flash (Alert)
Abstract
Some IBM Rational Software products, including IBM Rational Insight, have a potential Denial of Service (DoS) security exposure when using Web-based applications, due to a vulnerability in the Java HashTable implementation.
Content
Your product is deployed on IBM WebSphere Application Server version 6.0, 6.1, 7.0, or 8.0, and you are therefore affected by a security vulnerability that can cause performance or denial of service (DoS) issues. You are advised to read the instructions in the linked documents section and update your application servers to correct this issue:
4031821: PM53930: Collisions in HashTable May Cause DoS Vulnerability
Reference: CVE-2012-0193: IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
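The CPU consumption described in CVE-2012-0193, shown as an added example (a simplified Python model, not IBM or JDK code): a chained hash table that counts key comparisons while form parameters are inserted. The class and function names, the bucket count and the `p0`, `p1`, ... parameter names are assumptions made for the illustration; the colliding case is modelled with a hash function that returns a constant, not with crafted keys.

```python
# Simplified model of a chained hash table (added example, not IBM or JDK code).
# It counts key comparisons so the cost of colliding keys becomes visible.

class ChainedTable:
    def __init__(self, buckets, hash_fn):
        self.buckets = [[] for _ in range(buckets)]
        self.hash_fn = hash_fn
        self.comparisons = 0

    def put(self, key, value):
        # Walk the bucket's chain, comparing against every stored key,
        # exactly as a chained table must do before appending a new entry.
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for entry in chain:
            self.comparisons += 1
            if entry[0] == key:
                entry[1] = value
                return
        chain.append([key, value])


def spread_hash(key):
    # Hypothetical well-distributed hash: names p0, p1, ... map to 0, 1, ...
    return int(key[1:])


def colliding_hash(key):
    # Models the worst case: every parameter name lands in the same bucket.
    return 0


def insert_cost(n, hash_fn, buckets=1024):
    """Return the number of key comparisons needed to store n parameters."""
    table = ChainedTable(buckets, hash_fn)
    for i in range(n):
        table.put("p%d" % i, "v")
    return table.comparisons


if __name__ == "__main__":
    print("params  spread  colliding")
    for n in (100, 1000, 2000):
        print(n, insert_cost(n, spread_hash), insert_cost(n, colliding_hash))
```

With all keys in one bucket, storing n parameters costs n(n-1)/2 comparisons, so doubling the parameter count roughly quadruples the work for a single request.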