CVE-2002-1153 — IBM Websphere Application Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

2.6%

top 14.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedOct 11

Latest updateMay 3

Description

IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server4.0.3

Patches

Patch: ftp.software.ibm.com ↗Patch: ftp.software.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-5cp2-xr74-442p: IBM Websphere 4↗2022-05-03

▶

CVEList

CVE-2002-1153: IBM Websphere 4↗2004-09-01

▶