Denial of Service Vulnerability in IBM MessageSight Server
CVE-2014-0921

Currently unrated

Key Information:

Vendor: IBM
Status: Messagesight Jms Client; Messagesight
Vendor: CVE Published:; 15 April 2014

Summary

A weakness in the IBM MessageSight server prior to version 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to trigger a denial of service. This can occur when a malicious actor sends specially crafted malformed headers during a WebSockets connection upgrade. Consequently, this may lead to a crash of the daemon and potential loss of message data, thereby compromising the service availability for legitimate users.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21670278

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/92074

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IC98583

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Apr 15, 2014
Vulnerability Reserved
Jan 6, 2014