IBM MQ Light up to 1.0.0.1 Authentication resource management

Summaryinfo

A vulnerability was found in IBM MQ Light up to 1.0.0.1. It has been rated as problematic. This affects an unknown part of the component Authentication. Performing a manipulation results in resource management. This vulnerability is identified as CVE-2015-1956. There is not any exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability, which was classified as problematic, was found in IBM MQ Light up to 1.0.0.1. This affects an unknown function of the component Authentication. The manipulation with an unknown input leads to a resource management vulnerability. CWE is classifying the issue as CWE-399. This is going to have an impact on availability. The summary by CVE is:

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987.

The weakness was released 08/03/2015 (Website). The advisory is shared at www-01.ibm.com. This vulnerability is uniquely identified as CVE-2015-1956 since 02/19/2015. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.

Upgrading to version 1.0.0.2 eliminates this vulnerability.

Entries connected to this vulnerability are available at VDB-76884, VDB-76882 and VDB-76880. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• IBM

Name

• MQ Light

Version

• 1.0.0.0
• 1.0.0.1

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion