Potential denial of service (DoS) security exposure in web-based applications due to a vulnerability in the Java HashTable implementation. Only an authorized user can exploit this vulnerability, which is described by the CVE-2012-0193 security alert. An unauthorized user cannot exploit the issue.
CVE ID: CVE-2012-0193
DESCRIPTION: This information is extracted from a Flash notification from the IBM WebSphere Application Server support team. You can read the notification at the following link: http://www.ibm.com/support/docview.wss?uid=swg21577532
Specially crafted HTTP request parameters can cause a large number of HashTable collisions. If there are too many collisions, performance is significantly impaired, which can lead to a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72298 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
All versions of Information Archive prior to 220.127.116.11
Upgrade your Information Archive appliance to release 18.104.22.168
Mitigation(s): Ensure that access to the Information Archive appliance is tightly controlled. Without the proper user authentication, nothing can be run on the appliance or added to the appliance.
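The collision condition in the description above can also be checked for on the defensive side. The following is an added example, not part of the IBM notification or of any IBM product: it recomputes Java's `String.hashCode()` for each request parameter name and flags a request when many distinct names share one hash code. The thresholds, function names and sample request bodies are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl

MAX_PARAMS = 1000    # assumed per-request parameter cap
MAX_SAME_HASH = 3    # assumed cap on distinct names sharing one hash code


def java_string_hash(s: str) -> int:
    """Java String.hashCode(): h = 31*h + code unit, wrapped to signed 32 bits."""
    data = s.encode("utf-16-be")          # Java strings are UTF-16 code units
    h = 0
    for i in range(0, len(data), 2):
        unit = (data[i] << 8) | data[i + 1]
        h = (31 * h + unit) & 0xFFFFFFFF
    return h - 0x100000000 if h & 0x80000000 else h


def inspect_params(body: str) -> dict:
    """Summarise hash-code clustering among the distinct parameter names."""
    # Repeated identical names share one key, so only distinct names matter.
    names = {name for name, _ in parse_qsl(body, keep_blank_values=True)}
    buckets = Counter(java_string_hash(n) for n in names)
    largest = max(buckets.values(), default=0)
    return {
        "param_count": len(names),
        "largest_bucket": largest,
        # Equal full hash codes collide whatever the table size is.
        "suspicious": len(names) > MAX_PARAMS or largest > MAX_SAME_HASH,
    }


# Constructed sample request bodies (not taken from any real traffic).
BENIGN = "user=alice&action=search&q=archive+policy&page=2"
CLUSTERED = "AaAa=1&AaBB=2&BBAa=3&BBBB=4&user=bob"

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("clustered", CLUSTERED)):
        print(label, inspect_params(body))
```

A check like this belongs in front of the application server (proxy, filter or log analysis), where it runs before the parameters are parsed into a hash table.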
Complete CVSS Guide (http://www.first.org/cvss/cvss-guide.html)
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)
X-Force Vulnerability Database (http://xforce.iss.net/xforce/xfdb/72298)
CVE-2012-0193 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0193)
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
*The CVSS Environmental Score is specific to the customer environment and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
|Disk Storage Systems||IBM Information Archive||Graphical User Interface (GUI)||2.1, 2.1.1, 2.1.2, 22.214.171.124, 2.1.3, 126.96.36.199, 188.8.131.52||N/A|