IBM WebSphere Application Server and WebSphere Application Server Liberty Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in IBM WebSphere Application Server version 9.0 and in WebSphere Application Server Liberty versions 17.0.0.3 through 25.0.0.7. The flaw is a stack-based buffer overflow: an attacker who sends a specially crafted request can cause excessive memory consumption on the server.

Impact

Exploitation of this vulnerability causes excessive memory usage on the server, potentially leading to degraded performance or service interruption.

Remediation

Users of IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 with the jsonp-1.0, jsonp-1.1, or jsonp-2.0 feature enabled should upgrade to the latest fix pack or apply the available interim fix for PH67183. Users of IBM WebSphere Application Server traditional V9.0.0.0 through 9.0.5.24 should upgrade to the latest fix pack or apply the interim fix for PH67120.
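The remediation above depends on two facts about a Liberty server: its product version and whether one of the named jsonp features is enabled. The following added example (written for this page; it is not an IBM tool and not part of the advisory) takes both as input and reports whether the server falls inside the advisory's affected set. It assumes the version string has the form printed by Liberty's productInfo command and recorded in the wlp/lib/versions properties files (for example 25.0.0.7), and that features are declared in the featureManager element of server.xml. The umbrella-feature mapping (javaee-8.0 enabling jsonp-1.1, and so on) is an assumption added here, not something the advisory states; the server's own resolved feature list remains the authoritative source, since features pulled in through include files or other features do not appear in the main server.xml.

```python
"""Hypothetical pre-patch check for the PH67183 advisory conditions (example
code, not an IBM tool). A Liberty server is treated as affected when its
version is 17.0.0.3 through 25.0.0.7 AND a jsonp-1.0/1.1/2.0 feature is
enabled, which is exactly the condition the advisory's remediation names."""
import xml.etree.ElementTree as ET

# Affected Liberty range as stated in the advisory.
AFFECTED_MIN = (17, 0, 0, 3)
AFFECTED_MAX = (25, 0, 0, 7)

# Feature names from the advisory. Liberty feature names are case-insensitive,
# so everything is compared in lower case.
AFFECTED_FEATURES = {"jsonp-1.0", "jsonp-1.1", "jsonp-2.0"}

# Assumption (not from the advisory): convenience features that pull in one of
# the affected jsonp versions. Verify against the server's resolved feature
# list before relying on this mapping.
UMBRELLA_FEATURES = {
    "javaee-7.0": "jsonp-1.0", "webprofile-7.0": "jsonp-1.0",
    "javaee-8.0": "jsonp-1.1", "webprofile-8.0": "jsonp-1.1",
    "jakartaee-9.1": "jsonp-2.0", "webprofile-9.1": "jsonp-2.0",
}


def parse_version(text):
    """Turn '25.0.0.7' into (25, 0, 0, 7) so ranges compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Liberty version format: {text!r}")
    return tuple(int(p) for p in parts)


def version_in_range(version):
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def configured_features(server_xml):
    """Collect <feature> names declared under every <featureManager>.

    Only the given document is read; <include> files are not followed, so a
    feature declared elsewhere is missed. That is the main limitation of a
    static check like this one."""
    root = ET.fromstring(server_xml)
    features = set()
    for manager in root.iter("featureManager"):
        for feature in manager.findall("feature"):
            if feature.text:
                features.add(feature.text.strip().lower())
    return features


def jsonp_exposure(features):
    """Return the affected jsonp features present, directly or via an umbrella."""
    found = set()
    for feature in features:
        if feature in AFFECTED_FEATURES:
            found.add(feature)
        elif feature in UMBRELLA_FEATURES:
            found.add(f"{UMBRELLA_FEATURES[feature]} (via {feature})")
    return sorted(found)


def assess(server_xml, product_version):
    """Combine the version and feature checks into one verdict."""
    exposure = jsonp_exposure(configured_features(server_xml))
    in_range = version_in_range(product_version)
    return {
        "version_in_range": in_range,
        "jsonp": exposure,
        "affected": in_range and bool(exposure),
    }


# Constructed sample server.xml: a servlet app that also enables jsonp-1.1.
SAMPLE_SERVER_XML = """<server description="constructed sample">
  <featureManager>
    <feature>servlet-4.0</feature>
    <feature>jsonp-1.1</feature>
  </featureManager>
  <httpEndpoint id="defaultHttpEndpoint" httpPort="9080"/>
</server>"""

if __name__ == "__main__":
    # Constructed version value; on a real host take it from productInfo.
    for version in ("25.0.0.7", "25.0.0.8"):
        print(version, assess(SAMPLE_SERVER_XML, version))
```

A server that reports affected=True should be scheduled for the fix pack upgrade or the PH67183 interim fix; one whose only jsonp exposure comes through an umbrella feature should be confirmed against the runtime's resolved feature list before the result is trusted either way.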

Added: Jul 16, 2025, 6:47 PM
Updated: Jul 16, 2025, 6:47 PM

Vulnerability Rating

Custom Algorithm

  spread          5.2
  impact          2.5
  exploitability  7.6
  remediation     7.7
  relevance       0.2
  threat          0.0
  urgency         2.9
  incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.