Vulnerability Name:

CVE-2009-0433 (CCN-48523)

Assigned:2009-02-06
Published:2009-02-06
Updated:2017-08-08
Summary:Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2009-0433

Source: AIXAPAR
Type: UNKNOWN
PK67161

Source: CONFIRM
Type: Patch
http://www-01.ibm.com/support/docview.wss?uid=swg27006879

Source: CONFIRM
Type: Patch
http://www-01.ibm.com/support/docview.wss?uid=swg27007033

Source: CCN
Type: IBM Support & downloads
Fix list for IBM WebSphere Application Server version 6.1

Source: CONFIRM
Type: Patch
http://www-01.ibm.com/support/docview.wss?uid=swg27007951

Source: AIXAPAR
Type: Patch
PK63499

Source: CCN
Type: OSVDB ID: 53272
IBM WebSphere Application Server (WAS) Web Server Plug-in Content Buffering Unspecified DoS (PK63499)

Source: BID
Type: Patch
33700

Source: CCN
Type: BID-33700
IBM WebSphere Application Server Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
websphere-server-plugin-dos(48523)

Source: XF
Type: UNKNOWN
websphere-server-plugin-dos(48523)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.28:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.18:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm websphere application server 5.1.0
    ibm websphere application server 5.1.0.2
    ibm websphere application server 5.1.0.3
    ibm websphere application server 5.1.0.4
    ibm websphere application server 5.1.0.5
    ibm websphere application server 5.1.1
    ibm websphere application server 5.1.1.1
    ibm websphere application server 5.1.1.10
    ibm websphere application server 5.1.1.11
    ibm websphere application server 5.1.1.12
    ibm websphere application server 5.1.1.13
    ibm websphere application server 5.1.1.14
    ibm websphere application server 5.1.1.15
    ibm websphere application server 5.1.1.16
    ibm websphere application server 5.1.1.17
    ibm websphere application server 5.1.1.18
    ibm websphere application server 5.1.1.19
    ibm websphere application server 6.0
    ibm websphere application server 6.0.0.1
    ibm websphere application server 6.0.0.2
    ibm websphere application server 6.0.0.3
    ibm websphere application server 6.0.1
    ibm websphere application server 6.0.1.1
    ibm websphere application server 6.0.1.2
    ibm websphere application server 6.0.1.3
    ibm websphere application server 6.0.1.5
    ibm websphere application server 6.0.1.7
    ibm websphere application server 6.0.1.9
    ibm websphere application server 6.0.1.11
    ibm websphere application server 6.0.1.13
    ibm websphere application server 6.0.1.15
    ibm websphere application server 6.0.1.17
    ibm websphere application server 6.0.2
    ibm websphere application server 6.0.2.1
    ibm websphere application server 6.0.2.2
    ibm websphere application server 6.0.2.3
    ibm websphere application server 6.0.2.4
    ibm websphere application server 6.0.2.5
    ibm websphere application server 6.0.2.6
    ibm websphere application server 6.0.2.7
    ibm websphere application server 6.0.2.9
    ibm websphere application server 6.0.2.11
    ibm websphere application server 6.0.2.13
    ibm websphere application server 6.0.2.15
    ibm websphere application server 6.0.2.17
    ibm websphere application server 6.0.2.19
    ibm websphere application server 6.0.2.22
    ibm websphere application server 6.0.2.23
    ibm websphere application server 6.0.2.24
    ibm websphere application server 6.0.2.25
    ibm websphere application server 6.0.2.27
    ibm websphere application server 6.0.2.28
    ibm websphere application server 6.1
    ibm websphere application server 6.1.0
    ibm websphere application server 6.1.0.0
    ibm websphere application server 6.1.0.1
    ibm websphere application server 6.1.0.2
    ibm websphere application server 6.1.0.3
    ibm websphere application server 6.1.0.4
    ibm websphere application server 6.1.0.5
    ibm websphere application server 6.1.0.6
    ibm websphere application server 6.1.0.7
    ibm websphere application server 6.1.0.8
    ibm websphere application server 6.1.0.9
    ibm websphere application server 6.1.0.10
    ibm websphere application server 6.1.0.11
    ibm websphere application server 6.1.0.12
    ibm websphere application server 6.1.0.13
    ibm websphere application server 6.1.0.14
    ibm websphere application server 6.1.0.15
    ibm websphere application server 6.1.0.16
    ibm websphere application server 6.1.0.17
    ibm websphere application server 6.1.0.18
    ibm websphere application server 6.0.2
    ibm websphere application server 6.1
    ibm websphere application server 5.1.0