Intrusion Prevention

IBM.WebSphere.AS.Malformed.Serialized.Object.DOS

Description

This indicates an attempt to exploit a Denial of Service vulnerability in IBM WebSphere Application Server.
The vulnerability is due to insufficient sanitization of user-supplied input when the application handles maliciously crafted HTTP requests. A remote attacker can exploit this to perform a denial of service attack on the target server via a crafted HTTP request.

Affected Products

IBM WebSphere Application Server 7.0.0.41 and prior versions
IBM WebSphere Application Server 8.0.0.12 and prior versions
IBM WebSphere Application Server 8.5.5.10 and prior versions
IBM WebSphere Application Server 9.0.0.1 and prior versions
IBM WebSphere Application Server Liberty 16.0.0.2 and prior versions

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
https://www-01.ibm.com/support/docview.wss?uid=swg21990060

CVE References

CVE-2016-5983

Other References

SWG21990060