Intrusion PreventionIBM.WebSphere.AS.Malformed.Serialized.Object.DOS
Description
This indicates an attempt to exploit a Denial of Service vulnerability in IBM WebSphere Application Server.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted HTTP requests. A remote attacker can exploit this to perform a denial of service attack on the target server via a crafted HTTP request.
Affected Products
IBM WebSphere Application Server 7.0.0.41 and prior version
IBM WebSphere Application Server 8.0.0.12 and prior version
IBM WebSphere Application Server 8.5.5.10 and prior version
IBM WebSphere Application Server 9.0.0.1 and prior version
IBM WebSphere Application Server Liberty 16.0.0.2 and prior version
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the latest update from the vendor.
https://www-01.ibm.com/support/docview.wss?uid=swg21990060
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-11-19 | 16.965 | Name:IBM. WebSphere. Application. Malformed. Serialized. Object. DOS:IBM. WebSphere. AS. Malformed. Serialized. Object. DOS |
References
SWG21990060| ID | 43272 |
| Created | Oct 19, 2016 |
| Updated | Apr 17, 2023 |
| Risk |
|
| CVE ID | CVE-2016-5983 |
| Exploit Prediction Score | 1.51% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | IBM |