Lucene search
MitreCVE-2008-4678HistoryOct 22, 2008 - 6:00 p.m.
CVE-2008-4678
2008-10-2218:00:00
CWE-399
mitre
web.nvd.nist.gov
31
cve-2008-4678
ibm
websphere
application server
http
denial of service
remote attack
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.4
Confidence
High
EPSS
0.019
Percentile
88.6%
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to โstorage overlayโ on the stack and a โparse failure.โ
Affected configurations
Node
ibmwebsphere_application_serverMatch6.0.2
ORibmwebsphere_application_serverMatch6.0.2.1
ORibmwebsphere_application_serverMatch6.0.2.2
ORibmwebsphere_application_serverMatch6.0.2.3
ORibmwebsphere_application_serverMatch6.0.2.4
ORibmwebsphere_application_serverMatch6.0.2.5
ORibmwebsphere_application_serverMatch6.0.2.6
ORibmwebsphere_application_serverMatch6.0.2.9
ORibmwebsphere_application_serverMatch6.0.2.11
ORibmwebsphere_application_serverMatch6.0.2.13
ORibmwebsphere_application_serverMatch6.0.2.15
ORibmwebsphere_application_serverMatch6.0.2.17
ORibmwebsphere_application_serverMatch6.0.2.19
ORibmwebsphere_application_serverMatch6.0.2.23
ORibmwebsphere_application_serverMatch6.0.2.25
ORibmwebsphere_application_serverMatch6.0.2.27
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | 6.0.2 | cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.1 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.2 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.3 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.4 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.5 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.6 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.9 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.11 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.13 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2008-4678
2008-10-22 18:00:00
cvelist
cvelist
CVE-2008-4678
2008-10-22 17:00:00
prion
prion
Design/Logic Flaw
2008-10-22 18:00:00
seebug
seebug
IBM WebSphereๅบ็จๆๅกๅจๆ็ปๆๅกๅ็ป่ฟๅฎๅ
จ้ๅถๆผๆด
2008-10-27 00:00:00
nessus
nessus
IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities
2008-10-27 00:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.4
Confidence
High
EPSS
0.019
Percentile
88.6%
Related for CVE-2008-4678