IBM Information Archive Hash Collision Denial of Service

by Carol~ Moderator - 4/4/13 12:40 PM

In Reply to: VULNERABILITIES / FIXES - April 04, 2013 by Carol~ Moderator

IBM Information Archive Hash Collision Denial of Service Vulnerability

Release Date : 2013-04-04

Criticality level : Not critical
Impact : DoS
Where : From local network
Solution Status: Vendor Patch

Operating System: IBM Information Archive 2.x

Description:
A weakness has been reported in IBM Information Archive, which can be exploited by malicious users to cause a DoS (Denial of Service).

The weakness is caused due to an error related to the Graphical User Interface (GUI) within a hash generation function when hashing form posts and updating a hash table.

The weakness is reported in versions prior to 2.1.3.3.

Solution:
Update to version 2.1.3.3.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.ibm.com/support/docview.wss?uid=swg21594731

http://secunia.com/advisories/52905/