CVE-2016-2960

low

Description

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.

References

http://www.securityfocus.com/bid/92354

http://www.securitytracker.com/id/1036514

http://www-01.ibm.com/support/docview.wss?uid=swg1PI61548

http://www-01.ibm.com/support/docview.wss?uid=swg21984796

Details

Source: MITRE

Published: 2016-08-08

Updated: 2017-08-16

Type: CWE-284

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 2.2

Severity: LOW