Denial of Service Vulnerability in IBM Lotus Mobile Connect
CVE-2010-4594

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Mobile Connect
Vendor: CVE Published:; 22 December 2010

Summary

The Connection Manager in IBM Lotus Mobile Connect versions prior to 6.1.4 contains a flaw when HTTP Access Services are enabled. An attacker can exploit this vulnerability by sending multiple TCP connection requests, leading to excessive memory consumption and potential service interruption. This issue arises from improper handling of connection requests, resulting in 'queue size delta errors' and causing the HTTP Access Services to hang, thereby denying service to legitimate users.

References

http://www-01.ibm.com/support/docview.wss?uid=swg27020327

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75163

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 22, 2010