IBM MQ Light up to 1.0.0.1 Authentication resource management

Summaryinfo

A vulnerability labeled as problematic has been found in IBM MQ Light up to 1.0.0.1. Impacted is an unknown function of the component Authentication. The manipulation results in resource management. This vulnerability is cataloged as CVE-2015-1987. There is no exploit available. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in IBM MQ Light up to 1.0.0.1. It has been classified as problematic. Affected is an unknown part of the component Authentication. The manipulation with an unknown input leads to a resource management vulnerability. CWE is classifying the issue as CWE-399. This is going to have an impact on availability. CVE summarizes:

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1958.

The weakness was shared 08/03/2015 (Website). The advisory is shared for download at www-01.ibm.com. This vulnerability is traded as CVE-2015-1987. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.

Upgrading to version 1.0.0.2 eliminates this vulnerability.

The entries VDB-76882, VDB-76881 and VDB-76880 are related to this item. Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• IBM

Name

• MQ Light

Version

• 1.0.0.0
• 1.0.0.1

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion