Info

Disclosure

Dec 02, 2003

Discovery

Oct 11, 2003

Dates

Exploit

Unknown

Solution

Unknown

Description

Multiple Vendor XML/SOAP HTTP servers contain flaws that may allow a remote denial of service. The issue is triggered when a client sends a special SOAP request containing DTDs, which could cause consumption of 100% of available CPU resources.

Classification

Attack Type: Denial of Service
Impact: Loss of Availability

Solution

Please check with applicable vendor, as fixes have been released that have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

International Business Machines Corporation

WebSphere

5.0.0

Microsoft Corporation	.NET Framework	1.0
		1.1

References

Secunia Advisory ID: 10417
ISS X-Force ID: 13969
Microsoft Knowledge Base Article: 826231
Bugtraq ID: 9204
Vendor Specific Advisory URL: http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&q=PQ81278&uid=swg2 ......
Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24004576
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24005012

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

International Business Machines Corporation

WebSphere

Microsoft Corporation

.NET Framework

References

Credit