header-logo
Suggest Exploit
vendor:
IBM Websphere Edge Server
by:
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: IBM Websphere Edge Server
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Denial of Service vulnerability in IBM Websphere Edge Server Caching Proxy

A denial of service vulnerability is reported in the Caching Proxy component bundled with the IBM Websphere Edge Server. It is reported that if the proxy is configured with the JunctionRewrite directive in conjunction with the UseCookie option, an attacker may be able to crash the application. A remote attacker reportedly is able to cause a denial of service condition with one request.

Mitigation:

IBM has released a patch dealing with this issue. This patch is available only to customers with support levels 2 or 3.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10651/info

A denial of service vulnerability is reported in the Caching Proxy component bundled with the IBM Websphere Edge Server.

It is reported that if the proxy is configured with the JunctionRewrite directive in conjunction with the UseCookie option, an attacker may be able to crash the application.

A remote attacker reportedly is able to cause a denial of service condition with one request.

IBM has released a patch dealing with this issue. This patch is available only to customers with support levels 2 or 3. 

echo ?GET? | nc www.example.com <proxy_port>

Navigation

Suggest Exploit

Services By CQR

cqrsecured