IBM MQ Light up to 1.0.0.1 Authentication resource management

Summaryinfo

A vulnerability was found in IBM MQ Light up to 1.0.0.1. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Authentication. Such manipulation leads to resource management. This vulnerability is referenced as CVE-2015-1955. No exploit is available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in IBM MQ Light up to 1.0.0.1. Affected by this issue is some unknown processing of the component Authentication. The manipulation with an unknown input leads to a resource management vulnerability. Using CWE to declare the problem leads to CWE-399. Impacted is availability. CVE summarizes:

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data.

The weakness was published 08/03/2015 (Website). The advisory is shared for download at www-01.ibm.com. This vulnerability is handled as CVE-2015-1955 since 02/19/2015. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available.

Upgrading to version 1.0.0.2 eliminates this vulnerability.

Similar entries are available at VDB-76884, VDB-76882 and VDB-76881. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• IBM

Name

• MQ Light

Version

• 1.0.0.0
• 1.0.0.1

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion