IBM WebSphere MQ 7.0 / 7.1 / 7.5 / 8.0 PCF Query DoS
Low Nessus Plugin ID 83288
SynopsisThe remote Windows host has a service installed that is affected by a denial of service vulnerability.
DescriptionThe version of IBM WebSphere MQ server installed on the remote Windows host is either 7.0 without fix pack 220.127.116.11, 7.1 without fix pack 18.104.22.168, 7.5 without fix pack 22.214.171.124, or 8.0 without fix pack 126.96.36.199. It is,therefore, affected by a denial of service vulnerability. A remote, authenticated attacker, with access to the command input queue, can use a crafted PCF query to create an artificially full reply queue, thus preventing other users from submitting queries to the system.
SolutionApply the fix pack provided by the vendor.