Vulnerabilities > CVE-2011-1317 - Resource Management Errors vulnerability in IBM Websphere Application Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
ibm
CWE-399
nessus

Summary

Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses.

Common Weakness Enumeration (CWE)

Nessus

NASL familyWeb Servers
NASL idWEBSPHERE_7_0_0_15.NASL
descriptionIBM WebSphere Application Server 7.0 before Fix Pack 15 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities : - A double free error in BBOOORBR control block could trigger a denial of service condition. (PM17170) - A cross-site scripting vulnerability exists in the web container. (PM18512) - It is possible for authenticated users to trigger a DoS condition by using Lightweight Third-Party Authentication (LTPA) tokens for authentication. (PM18644) - Sensitive wsadmin command parameters are included in trace files, which could result in an information disclosure vulnerability. (PM18736) - A memory leak in
last seen2020-06-01
modified2020-06-02
plugin id52615
published2011-03-10
reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/52615
titleIBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities