Denial of Service Vulnerability in IBM Lotus Mobile Connect
CVE-2010-4592

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Mobile Connect
Vendor: CVE Published:; 22 December 2010

Summary

A vulnerability in IBM Lotus Mobile Connect prior to version 6.1.4 relates to the handling of HTTP-TCP connections. When HTTP Access Services are enabled, the Connection Manager does not adequately manage failed attempts to establish these connections. This may lead to memory exhaustions and the potential crash of the daemon service, caused by excessive TCP connection requests from remote attackers. This flaw highlights the need for effective session management and resource allocation to mitigate potential service disruptions.

References

http://secunia.com/advisories/42703

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg27020327

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74588

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Dec 22, 2010
Vulnerability Reserved
Dec 22, 2010