CVE-2012-3300 - Resource Management Errors vulnerability in IBM WebSphere Commerce
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
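description | BUGTRAQ ID: 55684 CVE ID: CVE-2012-3298, CVE-2012-3300 IBM WebSphere Commerce Enterprise is an industry-leading e-commerce solution. IBM WebSphere Commerce v7.0.0.0 - 7.0.0.5 contains security vulnerabilities that, if successfully exploited, allow remote attackers to bypass certain security restrictions and perform unauthorized actions. 1) An error in the REST services framework can be exploited to gain unauthorized access to resources. 2) An error in the handling of persistent sessions and personalization IDs can be exploited to consume system resources and make the service unavailable. Affected: IBM WebSphere Commerce Enterprise 7.0.0.0 - 7.0.0.5 Vendor patch: IBM --- IBM has released a security bulletin (1610905) and corresponding patches: 1610905: Security Bulletin: Vulnerability in WebSphere Commerce REST services (CVE-2012-3298) Link: http://www-01.ibm.com/support/docview.wss?uid=swg21610905 |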
id | SSV:60408 |
last seen | 2017-11-19 |
modified | 2012-09-27 |
published | 2012-09-27 |
reporter | Root |
title | IBM WebSphere Commerce Enterprise REST Services Security Restriction Bypass Vulnerability |