Vulnerability: IBM WebSphere 4.0.3

On Windows 2000 Server, IBM WebSphere 4.0.3 doesn't perform proper bounds checks on large HTTP headers. As a result, the application can be crashed by a remote user.

If a request is made for a .jsp resource (the .jsp file does not need to exist), and the HTTP field "Host" contains 796 characters or more, the web service will crash. Other HTTP fields are also vulnerable if the size is increased to 4K.
