IBM WebSphere MQ Control Command Remote Security Bypass Vulnerability
BID:50693
Info
IBM WebSphere MQ Control Command Remote Security Bypass Vulnerability
| Bugtraq ID: | 50693 |
| Class: | Design Error |
| CVE: |
CVE-2011-1378 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 16 2011 12:00AM |
| Updated: | Dec 05 2011 06:07PM |
| Credit: | IBM |
| Vulnerable: |
IBM WebSphere MQ 6.0.2 .9 IBM WebSphere MQ 6.0.2 .7 IBM WebSphere MQ 6.0.2 .6 IBM WebSphere MQ 6.0.2 .5 IBM WebSphere MQ 6.0.2 .4 IBM WebSphere MQ 6.0.2 .3 IBM WebSphere MQ 6.0.2 .2 IBM WebSphere MQ 6.0.2 .1 IBM WebSphere MQ 6.0.2.8 IBM WebSphere MQ 6.0.2.10 IBM WebSphere MQ 6.0.2.0 |
| Not Vulnerable: |
IBM WebSphere MQ 6.0.2.11 |
Discussion
IBM WebSphere MQ Control Command Remote Security Bypass Vulnerability
IBM WebSphere MQ is prone to a remote security-bypass vulnerability.
Exploiting this issue allows remote attackers to stop the command server on the specified queue manager, denying service to militiaman users.
Versions prior to WebSphere MQ 6.0.2.11 are vulnerable.
IBM WebSphere MQ is prone to a remote security-bypass vulnerability.
Exploiting this issue allows remote attackers to stop the command server on the specified queue manager, denying service to militiaman users.
Versions prior to WebSphere MQ 6.0.2.11 are vulnerable.
Exploit / POC
IBM WebSphere MQ Control Command Remote Security Bypass Vulnerability
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
IBM WebSphere MQ Control Command Remote Security Bypass Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
IBM WebSphere MQ Control Command Remote Security Bypass Vulnerability
References:
References: