IBM WebSphere Products Multiple Vulnerabilities
Release Date: 17 Nov 2023
RISK: Extremely High Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in IBM WebSphere Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system.
Note:
CVE-2023-44487 is a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability known as Rapid Reset, has been exploited in the wild.
Impact
- Denial of Service
- Information Disclosure
System / Technologies affected
- IBM WebSphere Application Server Liberty 17.0.0.3 - 23.0.0.11
- IBM WebSphere Application Server Liberty 18.0.0.2 - 23.0.0.11
- IBM WebSphere Hybrid Edition 5.1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://www.ibm.com/support/pages/node/7076252
- https://www.ibm.com/support/pages/node/7076305
- https://www.ibm.com/support/pages/node/7077009
- https://www.ibm.com/support/pages/node/7077065
Vulnerability Identifier
Source
Related Link
- https://www.auscert.org.au/bulletins/ESB-2023.6811
- https://www.auscert.org.au/bulletins/ESB-2023.6809
- https://www.auscert.org.au/bulletins/ESB-2023.6806
- https://www.auscert.org.au/bulletins/ESB-2023.6805
- https://www.ibm.com/support/pages/node/7076252
- https://www.ibm.com/support/pages/node/7076305
- https://www.ibm.com/support/pages/node/7077009
- https://www.ibm.com/support/pages/node/7077065
沒有留言:
發佈留言