IBM WebSphere Application Server 7.0.0.x <= 22.214.171.124 / 8.0.0.x <= 126.96.36.199 / 8.5.x < 188.8.131.52 / 9.0.0.x < 184.108.40.206 / Liberty < 220.127.116.11 Request Header Denial of Service (DoS) Vulnerability (CVE-2019-4046)
Medium Nessus Plugin ID 124024
Synopsis
The remote web application server is affected by a denial of service vulnerability.
Description
The IBM WebSphere Application Server running on the remote host is version 18.104.22.168 through 22.214.171.124, 126.96.36.199 through 188.8.131.52, 8.5.x prior to 184.108.40.206, 9.0.0.x prior to 220.127.116.11, or Liberty prior to 18.104.22.168. It is, therefore, affected by a denial of service (DoS) vulnerability due to improper handling of request headers. A remote, unauthenticated attacker could exploit this to cause the consumption of memory.
Solution
Upgrade to IBM WebSphere Application Server 22.214.171.124 or 126.96.36.199 or Liberty 188.8.131.52 or later. Alternatively, upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix PH06340.