IBM Tivoli Access Manager for e-Business < 184.108.40.206 / 220.127.116.11 / 18.104.22.168 or GSKit < 22.214.171.124 SSL/TLS Handshake Processing DoS
High Nessus Plugin ID 80480
Synopsis
An access and authorization control management system installed on the remote host is affected by a denial of service vulnerability.
Description
According to its self-reported version, the installation of IBM Tivoli Access Manager for e-Business on the remote host is affected by a denial of service vulnerability caused by an issue in the processing of SSL/TLS handshakes when SSLv2 is used with session resumption. An attacker can exploit this vulnerability by sending a specially crafted SSL request, causing the application to crash or hang.
Solution
Apply the interim fix 6.0.0-ISS-TAM-IF0031 / 6.1.0-TIV-TAM-IF0012 / 6.1.1-ISS-TAM-IF0008 or later. Alternatively, upgrade GSKit to 126.96.36.199 or later.