IBM WebSphere Application Server 7.0.0.x <= 220.127.116.11 / 8.0.0.x <= 18.104.22.168 / 8.5.x < 22.214.171.124 / 9.0.0.x < 126.96.36.199 / Liberty < 188.8.131.52 Request Header Denial of Service (DoS) Vulnerability (CVE-2019-4046)
Medium Nessus Plugin ID 124024
Synopsis
The remote web application server is affected by a denial of service vulnerability.
Description
The IBM WebSphere Application Server running on the remote host is version 184.108.40.206 through 220.127.116.11, 18.104.22.168 through 22.214.171.124, 8.5.x prior to 126.96.36.199, 9.0.0.x prior to 188.8.131.52, or Liberty prior to 184.108.40.206. It is, therefore, affected by a denial of service (DoS) vulnerability due to improper handling of request headers. A remote, unauthenticated attacker could exploit this to cause the consumption of memory.
Solution
Upgrade to IBM WebSphere Application Server 220.127.116.11 or 18.104.22.168 or Liberty 22.214.171.124 or later. Alternatively, upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix PH06340.