Lucene search

[email protected]CVE-2014-0963

HistoryMay 08, 2014 - 10:55 a.m.

CVE-2014-0963

2014-05-0810:55:03

CWE-399

[email protected]

web.nvd.nist.gov

ibm

gskit

isam

web

ssl

denial of service

security vulnerability

remote attack

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.1 Medium

AI Score

Confidence

Low

0.059 Low

EPSS

Percentile

93.5%

JSON

The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.

Affected configurations

NVD

Node

ibmsecurity_access_manager_for_web_softwareMatch7.0

ibmsecurity_access_manager_for_web_softwareMatch8.0

ibmsecurity_access_manager_for_web_applianceMatch7.0

ibmsecurity_access_manager_for_web_applianceMatch8.0

CPENameOperatorVersion
ibm:security_access_manager_for_web_softwareibm security access manager for web softwareeq7.0
ibm:security_access_manager_for_web_softwareibm security access manager for web softwareeq8.0
ibm:security_access_manager_for_web_applianceibm security access manager for web applianceeq7.0
ibm:security_access_manager_for_web_applianceibm security access manager for web applianceeq8.0

CPE	Name	Operator	Version
ibm:security_access_manager_for_web_software	ibm security access manager for web software	eq	7.0
ibm:security_access_manager_for_web_software	ibm security access manager for web software	eq	8.0
ibm:security_access_manager_for_web_appliance	ibm security access manager for web appliance	eq	7.0
ibm:security_access_manager_for_web_appliance	ibm security access manager for web appliance	eq	8.0

References

secunia.com/advisories/58845

secunia.com/advisories/59245

secunia.com/advisories/59249

www-01.ibm.com/support/docview.wss?uid=swg1IV59660

www-01.ibm.com/support/docview.wss?uid=swg21672192

www-01.ibm.com/support/docview.wss?uid=swg21676091

www-01.ibm.com/support/docview.wss?uid=swg21676092

www-304.ibm.com/support/docview.wss?uid=swg21680803

www.ibm.com/support/docview.wss?uid=swg21675496

www.securityfocus.com/bid/67238

www.securitytracker.com/id/1030707

exchange.xforce.ibmcloud.com/vulnerabilities/92844

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.1 Medium

AI Score

Confidence

Low

0.059 Low

EPSS

Percentile

93.5%

JSON

Related for CVE-2014-0963

ibm64 nessus19 prion1 cvelist1 nvd1