Vulnerability Name:

CVE-2009-0435 (CCN-48525)

Assigned:2009-02-06
Published:2009-02-06
Updated:2017-08-08
Summary:Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2009-0435

Source: AIXAPAR
Type: Patch, Vendor Advisory
PK64529

Source: CCN
Type: IBM Support & downloads
Fix list for IBM WebSphere Application Server version 6.1

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27007951

Source: CCN
Type: OSVDB ID: 53271
IBM WebSphere Application Server (WAS) Java Message Service (JMS) IBM Asynchronous I/O Multiple Method DoS (PK64529)

Source: BID
Type: UNKNOWN
33700

Source: CCN
Type: BID-33700
IBM WebSphere Application Server Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
websphere-libibmaio-dos(48525)

Source: XF
Type: UNKNOWN
websphere-libibmaio-dos(48525)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm aix 5.3
    ibm websphere application server 6.1.0
    ibm websphere application server 6.1.0.0
    ibm websphere application server 6.1.0.1
    ibm websphere application server 6.1.0.2
    ibm websphere application server 6.1.0.3
    ibm websphere application server 6.1.0.4
    ibm websphere application server 6.1.0.5
    ibm websphere application server 6.1.0.6
    ibm websphere application server 6.1.0.7
    ibm websphere application server 6.1.0.8
    ibm websphere application server 6.1.0.9
    ibm websphere application server 6.1.0.10
    ibm websphere application server 6.1.0.11
    ibm websphere application server 6.1.0.12
    ibm websphere application server 6.1.0.13
    ibm websphere application server 6.1.0.14
    ibm websphere application server 6.1.0.15
    ibm websphere application server 6.1.0.16
    ibm websphere application server 6.1.1
    ibm websphere application server 6.1.3
    ibm websphere application server 6.1.5
    ibm websphere application server 6.1.6
    ibm websphere application server 6.1.7
    ibm websphere application server 6.1.13
    ibm websphere application server 6.1.14
    ibm websphere application server 6.1