Denial of service in IBM MQ - CVE-2017-1557
Published: December 22, 2017
Vulnerability identifier: #VU9719
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-1557
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM MQ
IBM MQ
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker with authority to connect to a remote queue manager can send a malicious request, cause undefined behaviour within the channel process servicing that connection, including a loss of service for other connections being serviced by the same channel process.
Successful exploitation of the vulnerability may result in denial of service.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker with authority to connect to a remote queue manager can send a malicious request, cause undefined behaviour within the channel process servicing that connection, including a loss of service for other connections being serviced by the same channel process.
Successful exploitation of the vulnerability may result in denial of service.
How to mitigate CVE-2017-1557
Update to version 8.0.0.8, 9.0.0.2, 9.0.4.