BID:39056

IBM WebSphere Application Server Orb Client Remote Denial Of Service Vulnerability

Info

IBM WebSphere Application Server Orb Client Remote Denial Of Service Vulnerability

Bugtraq ID:	39056
Class:	Design Error
CVE:	CVE-2010-0770
Remote:	Yes
Local:	No
Published:	Mar 30 2010 12:00AM
Updated:	Mar 30 2010 12:00AM
Credit:	IBM
Vulnerable:	IBM Websphere Application Server 7.0 3 IBM Websphere Application Server 7.0 .8 IBM Websphere Application Server 6.1.2 IBM Websphere Application Server 6.1 .9 IBM Websphere Application Server 6.1 .8 IBM Websphere Application Server 6.1 .7 IBM Websphere Application Server 6.1 .6 IBM Websphere Application Server 6.1 .5 IBM Websphere Application Server 6.1 .4 IBM Websphere Application Server 6.1 .3 IBM Websphere Application Server 6.1 .25 IBM Websphere Application Server 6.1 .23 IBM Websphere Application Server 6.1 .22 IBM Websphere Application Server 6.1 .21 IBM Websphere Application Server 6.1 .20 IBM Websphere Application Server 6.1 .2 IBM Websphere Application Server 6.1 .19 IBM Websphere Application Server 6.1 .18 IBM Websphere Application Server 6.1 .17 IBM Websphere Application Server 6.1 .15 IBM Websphere Application Server 6.1 .14 IBM Websphere Application Server 6.1 .13 IBM Websphere Application Server 6.1 .12 IBM Websphere Application Server 6.1 .11 IBM Websphere Application Server 6.1 .10 IBM Websphere Application Server 6.1 .1 IBM Websphere Application Server 6.1 IBM Websphere Application Server 6.0.2 .39 IBM Websphere Application Server 6.0.2 .35 IBM Websphere Application Server 6.0.2 .33 IBM Websphere Application Server 6.0.2 .31 IBM Websphere Application Server 6.0.2 .3 IBM Websphere Application Server 6.0.2 .29 IBM Websphere Application Server 6.0.2 .27 IBM Websphere Application Server 6.0.2 .25 IBM Websphere Application Server 6.0.2 .24 IBM Websphere Application Server 6.0.2 .23 IBM Websphere Application Server 6.0.2 .22 IBM Websphere Application Server 6.0.2 .21 IBM Websphere Application Server 6.0.2 .17 IBM Websphere Application Server 6.0.2 .15 IBM Websphere Application Server 6.0.2 .13 IBM Websphere Application Server 6.0.2 .11 IBM Websphere Application Server 6.0.2 .1 IBM Websphere Application Server 6.0.2 IBM Websphere Application Server 6.0.1 IBM Websphere Application Server 6.0 .7 IBM Websphere Application Server 6.0 IBM Websphere Application Server 7.0.0.7 IBM Websphere Application Server 7.0.0.5 IBM Websphere Application Server 7.0.0.1 IBM Websphere Application Server 7.0 IBM Websphere Application Server 6.2 IBM Websphere Application Server 6.1.0.29 IBM Websphere Application Server 6.1.0.27 IBM Websphere Application Server 6.0.2.19 IBM Websphere Application Server 6.0.2 Fix Pack 17

Not Vulnerable:	IBM Websphere Application Server 7.0 .9 IBM Websphere Application Server 6.1.0.31 IBM Websphere Application Server 6.0.2.41

Discussion

IBM WebSphere Application Server Orb Client Remote Denial Of Service Vulnerability

IBM WebSphere Application Server (WAS) is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause WAS ORB threads to hang, denying service to legitimate users.

Versions prior to WAS 7.0.0.9, 6.1.0.31 and 6.0.2.41 are vulnerable.

Exploit / POC

IBM WebSphere Application Server Orb Client Remote Denial Of Service Vulnerability

Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

IBM WebSphere Application Server Orb Client Remote Denial Of Service Vulnerability

Solution:
Updates are available. Please see the references for details.

References

IBM WebSphere Application Server Orb Client Remote Denial Of Service Vulnerability

References:

IBM APAR PK93653: (IBM)
IBM WebSphere Application Server Product Page (IBM)
WebSphere Application Server ORB client denial of service (IBM)