IBM WebSphere MQ 7.0 / 7.1 / 7.5 / 8.0 PCF Query DoS

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a service installed that is affected by a
denial of service vulnerability.

Description :

The version of IBM WebSphere MQ server installed on the remote Windows
host is either 7.0 without fix pack 7.0.1.13, 7.1 without fix pack
7.1.0.6, 7.5 without fix pack 7.5.0.5, or 8.0 without fix pack
8.0.0.1. It is, therefore, affected by a denial of service
vulnerability. A remote, authenticated attacker, with access to the
command input queue, can use a crafted PCF query to create an
artificially full reply queue, thus preventing other users from
submitting queries to the system.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21696120

Solution :

Apply the fix pack provided by the vendor.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 2.9
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 83288

Bugtraq ID: 74326

CVE ID: CVE-2014-4771
