CVE-2016-8919 — Corporation Websphere Application Server vulnerability

CWE-3995 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 21.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Websphere Application Server IBM Websphere Application Server

Timeline

PublishedFeb 1

Latest updateMay 17

Description

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/websphere_application_server4 versions+3

▶CVEListV5ibm_corporation/websphere_application_server203 versions+202

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-4h82-6rx4-q5jv: IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cau↗2022-05-17

▶

CVEList

CVE-2016-8919: IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cau↗2017-02-01

▶

OSV

libarchive vulnerabilities↗2016-07-14

▶

💬Community

Bugzilla

CVE-2015-8919 libarchive: Heap out of bounds read in LHA/LZH parser↗2016-06-21

▶