IBM MQ Light up to 1.0.0.1 Authentication resource management

Summaryinfo

A vulnerability categorized as problematic has been discovered in IBM MQ Light up to 1.0.0.1. This vulnerability affects unknown code of the component Authentication. Executing a manipulation can lead to resource management. This vulnerability is tracked as CVE-2015-1958. No exploit exists. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability has been found in IBM MQ Light up to 1.0.0.1 and classified as problematic. This vulnerability affects an unknown functionality of the component Authentication. The manipulation with an unknown input leads to a resource management vulnerability. The CWE definition for the vulnerability is CWE-399. As an impact it is known to affect availability. CVE summarizes:

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987.

The weakness was disclosed 08/03/2015 (Website). The advisory is available at www-01.ibm.com. This vulnerability was named CVE-2015-1958 since 02/19/2015. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available.

Upgrading to version 1.0.0.2 eliminates this vulnerability.

The entries VDB-76884, VDB-76881 and VDB-76880 are pretty similar. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• IBM

Name

• MQ Light

Version

• 1.0.0.0
• 1.0.0.1

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion