Denial of Service Vulnerability in IBM Security Access Manager for Web
CVE-2015-1892

Currently unrated

Key Information:

Vendor
IBM
Status
Security Access Manager For Web 7.0 Firmware
Security Access Manager For Web 8.0 Firmware
Vendor
CVE Published:
1 April 2015

Summary

The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web versions prior to 7.0.0 FP12 and 8.0.1 FP1 is susceptible to responding to unicast queries from non-link-local source addresses. This behavior can be exploited by remote attackers to amplify traffic or potentially access sensitive information through UDP packets sent to port 5353. Organizations using affected versions should apply the recommended updates to mitigate this risk.

References

http://www.securityfocus.com/bid/73683
vdb-entryx_refsource_BID
http://www.kb.cert.org/vuls/id/550620
third-party-advisoryx_refsource_CERT-VN
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911
vendor-advisoryx_refsource_AIXAPAR

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.