IBM WebSphere Application Server Liberty
cpe:2.3:a:ibm:websphere_application_server_liberty:*:*:*:*:*:*:*
- >= 18.0.0.2, <= 25.0.0.8
A denial-of-service vulnerability has been identified in IBM WebSphere Application Server Liberty versions from 18.0.0.2 and prior to 25.0.0.8. A remote attacker can send a specially crafted request that causes the server to consume excessive memory resources. The vulnerability is present when the HTTP/2 protocol is enabled along with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature.
Exploitation of this vulnerability leads to increased memory consumption on the server, potentially causing performance degradation or service disruption.
Users are advised to upgrade to IBM WebSphere Application Server Liberty Fix Pack 25.0.0.9 or later, or to apply the interim fix for APAR PH66953. Additional interim fixes may be available and linked off the interim fix download page.
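To triage a server against the conditions above, the following added example (not IBM's code or tooling) checks a Liberty version and `server.xml` for the affected range, a listed servlet feature, and HTTP/2 on an endpoint. It assumes HTTP/2 is controlled by the `protocolVersion` attribute of `httpEndpoint`, on by default for servlet-4.0 and later and off by default for servlet-3.1; the sample XML and the result labels are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Version bounds and feature names are taken from the advisory text above.
AFFECTED_MIN, AFFECTED_MAX = (18, 0, 0, 2), (25, 0, 0, 8)
SERVLET_FEATURES = {"servlet-3.1", "servlet-4.0", "servlet-5.0", "servlet-6.0"}

# Constructed sample server.xml, not taken from a real deployment.
SAMPLE_XML = """<server>
  <featureManager><feature>servlet-4.0</feature></featureManager>
  <httpEndpoint id="defaultHttpEndpoint" httpPort="9080" httpsPort="9443"/>
</server>"""

def parse_version(text):
    return tuple(int(part) for part in text.strip().split("."))

def assess(version, server_xml):
    """Classify one server: version-not-affected, exposed, http2-off or review."""
    if not AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX:
        return "version-not-affected"
    root = ET.fromstring(server_xml)
    listed = {f.text.strip().lower() for f in root.iter("feature") if f.text}
    servlet = listed & SERVLET_FEATURES
    if not servlet:
        # A servlet feature can be pulled in by another feature or an
        # included file, which this check does not resolve.
        return "review"
    # No <httpEndpoint> element means Liberty's default endpoint is in use.
    endpoints = list(root.iter("httpEndpoint")) or [None]
    for endpoint in endpoints:
        proto = "" if endpoint is None else endpoint.get("protocolVersion", "")
        proto = proto.strip().lower()
        if proto == "http/2":
            return "exposed"
        if proto == "http/1.1":
            continue
        if proto:
            return "review"  # variable reference or unexpected value
        # Assumption: with protocolVersion unset, HTTP/2 is on by default
        # for servlet-4.0 and later and off for servlet-3.1.
        if servlet != {"servlet-3.1"}:
            return "exposed"
    return "http2-off"

if __name__ == "__main__":
    print(assess("25.0.0.6", SAMPLE_XML))
```

A `review` result means the file alone cannot settle the question and the effective configuration needs to be checked by hand.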