CVE-2015-0173

Currently unrated

Key Information:

Vendor
IBM
Status
Websphere MQ Internet Pass Thru
Vendor
CVE Published:
28 June 2015

Summary

The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21699547
x_refsource_CONFIRM
http://www.securitytracker.com/id/1032630
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.