Vigil@nce - IBM WebSphere MQ Internet Pass-Thru: denial of service via CommandPort
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can connect to the CommandPort of IBM WebSphere MQ
Internet Pass-Thru, in order to trigger a denial of service.
Impacted products: WebSphere MQ
Severity: 2/4
Creation date: 19/03/2014
DESCRIPTION OF THE VULNERABILITY
The IBM WebSphere MQ Internet Pass-Thru product listens on an
administration port when the CommandPort directive is used in the
mqipt.conf file.
However, an attacker can send a malicious query to this port, in
order to stop the service. Technical details are unknown.
An attacker can therefore connect to the CommandPort of IBM
WebSphere MQ Internet Pass-Thru, in order to trigger a denial of
service.
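A configuration check for the exposure described above, added here as an example and not part of the Vigil@nce bulletin or of IBM's tooling: it reports whether an active CommandPort directive is present in mqipt.conf. The sample file, its host name, and the assumed file layout ([global]/[route] section headers, Key=Value lines, '#' comments) are assumptions.

```python
import re

# Constructed sample. Assumed layout: [global]/[route] section headers,
# Key=Value properties, '#' comment lines.
SAMPLE_CONF = """\
# constructed sample, not a real deployment
[global]
CommandPort=1881
[route]
ListenerPort=1415
Destination=mq.example.internal
DestinationPort=1414
"""

def find_command_port(conf_text):
    """Return (line_no, section, value) for every active CommandPort line."""
    findings = []
    section = None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: directive is not in effect
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            section = header.group(1).lower()
            continue
        key, sep, value = line.partition("=")
        # Case-insensitive match is a conservative choice for an audit.
        if sep and key.strip().lower() == "commandport" and value.strip():
            findings.append((line_no, section, value.strip()))
    return findings

def audit(conf_text):
    """Summarise whether the administration port is enabled."""
    findings = find_command_port(conf_text)
    # Keep only values that are valid TCP port numbers.
    ports = sorted({int(v) for _, _, v in findings
                    if v.isdigit() and 0 < int(v) < 65536})
    return {"enabled": bool(findings), "ports": ports, "findings": findings}

if __name__ == "__main__":
    report = audit(SAMPLE_CONF)
    for line_no, section, value in report["findings"]:
        print(f"line {line_no} [{section}]: CommandPort={value}")
    print("administration port enabled:", report["enabled"])
```

To audit a real installation, pass the contents of its mqipt.conf to `audit()` in place of the constructed sample.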