Vigil@nce - IBM WebSphere MQ: denial of service via PCF
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A privileged attacker can send a PCF message to IBM WebSphere MQ,
in order to trigger a denial of service.
Impacted products: WebSphere MQ
Severity: 1/4
Creation date: 06/02/2015
DESCRIPTION OF THE VULNERABILITY
The IBM WebSphere MQ product uses PCF (Programmable Command
Format) messages to program administrative tasks.
However, an administrator can program a special task that generates a
large response, which fills the queue.
A privileged attacker can therefore send a PCF message to IBM
WebSphere MQ, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-WebSphere-MQ-denial-of-service-via-PCF-16123