Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM007F3656F457E29E8E9775EE102EC046FFA8A1BD9E63B235A2486BE6852C5ECB
HistoryMar 25, 2019 - 1:30 p.m.

Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046)

2019-03-2513:30:01
www.ibm.com
8

EPSS

0.005

Percentile

76.0%

JSON

Summary

There is a potential denial of service vulnerability in WebSphere Application Server.

Vulnerability Details

CVEID: CVE-2019-4046 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156242&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Liberty
  • Version 9.0
  • Version 8.5
  • Version 8.0
  • Version 7.0

Remediation/Fixes

The recommended solution is to apply the interim fix, Fix Pack or PTF containing the APAR for each named product as soon as practical.

For WebSphere Application Server Liberty:

ยท Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH06340
--ORโ€“
ยท Apply Fix Pack 19.0.0.4 or later (targeted availability 2Q 2019).

For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:

For V9.0.0.0 through 9.0.0.10:
ยท Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH06340
--ORโ€“
ยท Apply Fix Pack 9.0.0.11 or later (targeted availability 2Q 2019).

For V8.5.0.0 through 8.5.5.15

ยท Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH06340
--ORโ€“
ยท Apply Fix Pack 8.5.5.16 or later (targeted availability 3Q 2019).

For V8.0.0.0 through 8.0.0.15:
ยท Upgrade to v8.0.0.15 and then apply Interim Fix PH06340

For V7.0.0.0 through 7.0.0.45:
ยท Upgrade to 7.0.0.45 and then apply Interim Fix PH06340

_WebSphere Application Server V7 and V8 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _

Related

ibm 81
nvd 1
nessus 1
cvelist 1
cve 1
prion 1
ibm
ibm
Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server shipped with Jazz for Service Management (CVE-2019-4046)
2019-08-20 10:56:28
Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4046)
2019-07-18 09:05:01
Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server Liberty Core affect CICS Transaction Gateway
2021-12-09 16:57:12
nvd
nvd
CVE-2019-4046
2019-03-25 19:29:02
nessus
nessus
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.16 / 9.0.0.x < 9.0.0.11 / Liberty < 19.0.0.4 Request Header Denial of Service (DoS) Vulnerability (CVE-2019-4046)
2019-04-12 00:00:00
cvelist
cvelist
CVE-2019-4046
2019-03-25 18:15:16
cve
cve
CVE-2019-4046
2019-03-25 19:29:02
prion
prion
Design/Logic Flaw
2019-03-25 19:29:00

EPSS

0.005

Percentile

76.0%

JSON
Related for 007F3656F457E29E8E9775EE102EC046FFA8A1BD9E63B235A2486BE6852C5ECB
ibm81nvd1nessus1cvelist1cve1prion1