Vulnerability Description
mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | WebSphere Application Server | 6.0 |
| IBM | z/OS | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/40096 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM10270
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830
- http://www.osvdb.org/65439
- http://www.vupen.com/english/advisories/2010/1411 (Vendor Advisory)
FAQ
What is CVE-2010-2327?
CVE-2010-2327 is a vulnerability with a CVSS score of 4.3 (MEDIUM). mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP reque...
How severe is CVE-2010-2327?
CVE-2010-2327 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-2327?
Check the references section above for vendor advisories and patch information. Affected products include: IBM WebSphere Application Server, IBM z/OS.