IBM MQ Denial-of-Service Vulnerability via Slowloris Attack

Vulnerability

A denial-of-service vulnerability affects IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS and 9.4 CD. The server does not enforce a timeout on individual read operations, so a read that is waiting for the rest of a request can block for as long as the client chooses to stall. A remote attacker exploits this with a Slowloris-style attack: open many connections, send a partial request on each, and then trickle further bytes slowly enough to keep every connection alive without ever completing the request. Each stalled connection holds a server worker or connection slot indefinitely, and once those are exhausted the server can no longer process legitimate traffic.
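To make the mechanism concrete, here is an added example written for this page; it is not code from IBM MQ or from the advisory and assumes nothing about IBM MQ's internals. A tiny HTTP server with a two-thread worker pool reads request heads either with no per-read timeout (the flaw described above) or with a per-read timeout plus a deadline for the whole head. Three Slowloris-style clients park partial requests on it while one legitimate client measures whether it still gets an answer. The server class, the worker count, the header size limit, the loopback port and all timing constants are constructed for the demonstration.

```python
import queue
import socket
import threading
import time

WORKERS = 2            # deliberately small worker pool so exhaustion is quick
MAX_HEAD_BYTES = 8192  # upper bound on the request head we are willing to buffer


def read_request_head(conn, per_read_timeout=None, total_timeout=None):
    """Read until the blank line that ends an HTTP request head.

    per_read_timeout bounds each recv(); total_timeout bounds the whole head,
    which matters against a client that drips a byte just often enough to
    satisfy the per-read limit. None disables a check (the vulnerable shape).
    """
    conn.settimeout(per_read_timeout)          # None: recv() may block forever
    deadline = None if total_timeout is None else time.monotonic() + total_timeout
    head = b""
    while b"\r\n\r\n" not in head:
        if deadline is not None and time.monotonic() > deadline:
            raise TimeoutError("request head not completed within total_timeout")
        chunk = conn.recv(1024)                # socket.timeout after per_read_timeout
        if not chunk:
            raise ConnectionError("peer closed before completing the head")
        head += chunk
        if len(head) > MAX_HEAD_BYTES:
            raise ValueError("request head too large")
    return head


class TinyHttpServer:
    """Accept loop feeding WORKERS threads; each serves one connection at a time."""

    def __init__(self, per_read_timeout=None, total_timeout=None):
        self.per_read_timeout, self.total_timeout = per_read_timeout, total_timeout
        self._stop, self._pending = threading.Event(), queue.Queue()
        self._sock = socket.socket()
        self._sock.bind(("127.0.0.1", 0))      # loopback, ephemeral port
        self._sock.listen(64)
        self._sock.settimeout(0.2)             # lets the acceptor notice stop()
        self.port = self._sock.getsockname()[1]

    def start(self):
        for _ in range(WORKERS):
            threading.Thread(target=self._worker, daemon=True).start()
        threading.Thread(target=self._acceptor, daemon=True).start()
        return self

    def stop(self):
        self._stop.set()
        self._sock.close()

    def _acceptor(self):
        while not self._stop.is_set():
            try:
                self._pending.put(self._sock.accept()[0])
            except socket.timeout:
                continue
            except OSError:
                return                         # listening socket closed

    def _worker(self):
        while True:
            with self._pending.get() as conn:
                try:
                    read_request_head(conn, self.per_read_timeout, self.total_timeout)
                    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")
                except (OSError, ValueError):
                    pass                       # timed out, peer gone or oversized: drop


def slowloris_client(port, drip, stop):
    """Send a partial head, then one header line every `drip` seconds, never the
    terminating blank line, until `stop` is set."""
    try:
        with socket.create_connection(("127.0.0.1", port)) as s:
            s.sendall(b"GET / HTTP/1.1\r\nHost: target\r\n")
            while not stop.wait(drip):
                s.sendall(b"X-a: b\r\n")
    except OSError:
        pass                                   # the hardened server reset us


def legitimate_request(port, timeout):
    """One well-formed request; True if the server answers within `timeout`."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.1\r\nHost: target\r\n\r\n")
            return s.recv(1024).startswith(b"HTTP/1.1 200")
    except OSError:
        return False


def run_scenario(per_read_timeout, total_timeout, attackers=3, drip=2.0, wait=2.0):
    """Park `attackers` slow connections on a fresh server, then report whether
    a legitimate request is still answered within `wait` seconds."""
    server = TinyHttpServer(per_read_timeout, total_timeout).start()
    stop = threading.Event()
    threads = [threading.Thread(target=slowloris_client, args=(server.port, drip, stop),
                                daemon=True) for _ in range(attackers)]
    for t in threads:
        t.start()
    time.sleep(1.0)                            # attackers fill the worker pool
    served = legitimate_request(server.port, wait)
    stop.set()
    for t in threads:
        t.join()
    server.stop()
    return served


if __name__ == "__main__":
    print("no timeouts, slow drip      :", run_scenario(None, None))                   # False
    print("per-read 0.5s, slow drip    :", run_scenario(0.5, None))                    # True
    print("per-read 0.5s, fast drip    :", run_scenario(0.5, None, drip=0.2))          # False
    print("per-read + total 1.5s, fast :", run_scenario(0.5, 1.5, drip=0.2, wait=4.0)) # True
```

The third scenario is the caveat worth remembering: a per-read timeout alone is defeated by a client that sends a byte just inside the limit, which is exactly what Slowloris tools do. A deadline on the whole request head, a cap on header size and a bounded number of connections per source are needed alongside it.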

Impact

Successful exploitation results in a denial of service: the affected IBM MQ server becomes unresponsive or unavailable to its users for as long as the attacker keeps the stalled connections open.

Remediation

The following compensating controls reduce exposure. All of them sit in front of the IBM MQ server rather than changing the server itself, so they limit the effect of the missing per-read timeout without removing it:

1. Configure a load balancer to absorb partial requests: forward a request to the server only once it has been received in full, and drop connections whose request does not complete within a bounded time.
2. Use a reverse proxy that buffers each client request and enforces its own header and body read timeouts, so that an incomplete request is held by the proxy rather than by a server worker.
3. Deploy a Web Application Firewall (WAF) capable of detecting and blocking Slowloris-style traffic.
4. Cap the number of concurrent connections accepted from a single source IP address.
5. Apply rate limiting so that a single source cannot exceed a set number of requests within a given time window.

Per-source caps and rate limits (items 4 and 5) are only as strong as the attacker's lack of address diversity: a Slowloris run spread across many sources stays under each cap. Timeouts on incomplete requests (items 1 and 2) are the controls that address the underlying weakness directly.
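As an added example of the per-source cap and rate limit from the list above (written for this page, not code from IBM MQ or from any particular proxy or WAF), the admission controller below tracks open connections and recent requests per source address. It is replayed over a constructed event trace: the addresses, counts and timestamps are made up for the demonstration, and the thresholds are hypothetical defaults.

```python
import collections


class SourceGovernor:
    """Admission control a proxy or accept loop consults per source address."""

    def __init__(self, max_open_per_source, max_requests, window_seconds):
        self.max_open = max_open_per_source
        self.max_requests = max_requests
        self.window = window_seconds
        self._open = collections.Counter()                          # open conns per source
        self._recent = collections.defaultdict(collections.deque)  # request times per source

    def on_connect(self, src):
        """Admit a new connection unless the source already holds max_open."""
        if self._open[src] >= self.max_open:
            return False
        self._open[src] += 1
        return True

    def on_close(self, src):
        if self._open[src] > 0:
            self._open[src] -= 1

    def on_request(self, src, now):
        """Admit a request unless the source sent max_requests within the window."""
        times = self._recent[src]
        while times and times[0] <= now - self.window:             # expire old entries
            times.popleft()
        if len(times) >= self.max_requests:
            return False
        times.append(now)
        return True

    def open_connections(self, src):
        return self._open[src]


def replay(events, governor):
    """events: (t, src, kind) with kind in connect / request / close.
    Returns the rejected events in time order."""
    rejected = []
    for t, src, kind in sorted(events):
        if kind == "connect" and not governor.on_connect(src):
            rejected.append((t, src, kind))
        elif kind == "request" and not governor.on_request(src, t):
            rejected.append((t, src, kind))
        elif kind == "close":
            governor.on_close(src)
    return rejected


# Constructed trace, not real traffic (documentation addresses):
#  - ATTACKER opens 40 Slowloris-style connections in two seconds, closes none;
#  - CLIENT makes 3 short connections with one request each over 8 seconds;
#  - BURSTER sends 25 requests in one second, then one more after the window.
ATTACKER, CLIENT, BURSTER = "203.0.113.5", "198.51.100.7", "192.0.2.9"
TRACE = [(i * 0.05, ATTACKER, "connect") for i in range(40)]
TRACE += [(t, CLIENT, "connect") for t in (0.5, 4.0, 8.0)]
TRACE += [(t + 0.1, CLIENT, "request") for t in (0.5, 4.0, 8.0)]
TRACE += [(t + 0.2, CLIENT, "close") for t in (0.5, 4.0, 8.0)]
TRACE += [(20.0, BURSTER, "connect")]
TRACE += [(20.0 + i * 0.04, BURSTER, "request") for i in range(25)]
TRACE += [(35.0, BURSTER, "request")]


def demo(max_open=10, max_requests=20, window=10.0):
    """Replay TRACE with the given (hypothetical) thresholds and summarise."""
    gov = SourceGovernor(max_open, max_requests, window)
    rejected = replay(TRACE, gov)
    by_src = collections.Counter(src for _, src, _ in rejected)
    return {
        "attacker_rejected": by_src[ATTACKER],   # 30: only 10 of 40 admitted
        "client_rejected": by_src[CLIENT],       # 0: well-behaved traffic untouched
        "burster_rejected": by_src[BURSTER],     # 5: requests 21-25 inside the window
        "attacker_open": gov.open_connections(ATTACKER),  # 10: cap still held
    }


if __name__ == "__main__":
    print(demo())
```

Note what the cap does and does not buy: the attacker is still holding ten server slots at the end of the trace, so a per-source limit only bounds the damage from one address. It has to be combined with a timeout on incomplete requests, which is what actually frees a slot held by a client that will never finish.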

Added: Oct 16, 2025, 5:21 PM
Updated: Oct 16, 2025, 5:21 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 7.0
remediation: 6.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.