IBM HTTP Server denial of service
CVE-2023-26281

7.5HIGH

Key Information:

Vendor: IBM
Status: HTTP Server
Vendor: CVE Published:; 1 March 2023

Summary

A vulnerability exists in IBM HTTP Server 8.5 utilized by IBM WebSphere Application Server that enables a remote attacker to trigger a denial of service. This can be executed through a specially crafted URL, potentially leading to service disruption and impacting availability. It is essential for users of this server to take immediate action to mitigate the risk associated with this vulnerability.

Affected Version(s)

HTTP Server 8.5

References

https://www.ibm.com/support/pages/node/6958522

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/248296

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Feb 21, 2023