CVE-2008-4285

Опубликовано: 17 фев. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance."

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg24019260
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/48698
http://www-01.ibm.com/support/docview.wss?uid=swg24019260
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/48698

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00408

Низкий

5 Medium

CVSS2

Дефекты

CWE-399

Связанные уязвимости

GHSA-mg97-69vg-vv8v

github

почти 4 года назад