IBM HTTP Server denial of service
CVE-2023-26281

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Http Server
Vendor: CVE Published:; 1 March 2023

What is CVE-2023-26281?

A vulnerability exists in IBM HTTP Server 8.5 utilized by IBM WebSphere Application Server that enables a remote attacker to trigger a denial of service. This can be executed through a specially crafted URL, potentially leading to service disruption and impacting availability. It is essential for users of this server to take immediate action to mitigate the risk associated with this vulnerability.

Affected Version(s)

HTTP Server 8.5

References

https://www.ibm.com/support/pages/node/6958522

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/248296

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Feb 21, 2023