CVE-2016-8919 : IBM WebSphere Application Server may be vulnerable to a denial of service, cause

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.

Published 2017-02-01 22:59:01

Updated 2017-02-13 22:20:45

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-8919

IBM » Websphere Application Server » Version: 7.0
cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.0
cpe:2.3:a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 9.0
cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.5
cpe:2.3:a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2016-8919

Top countries where our scanners detected CVE-2016-8919

Top open port discovered on systems with this issue 9080

IPs affected by CVE-2016-8919 510

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2016-8919!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2016-8919

EPSS FAQ

0.86%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-8919

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-8919

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-8919

http://www.securitytracker.com/id/1037710

IBM WebSphere Application Server SOAP Connectors Let Remote Users Consume Excessive Resources on the Target System - SecurityTracker
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/95650

IBM WebSphere Application Server CVE-2016-8919 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21993797

IBM Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)
Patch;Vendor Advisory