CVE-2015-2013 - OpenCVE

IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Websphere Mq

Configuration 1 [-]

OR	cpe:2.3:a:ibm:websphere_mq:7.0.1.0:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.1:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.2:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.3:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.4:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.5:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.6:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.7:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.8:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.9:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.10:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.11:::::::*
	cpe:2.3:a:ibm:websphere_mq:7.0.1.12:::::::*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IV73860
http://www-01.ibm.com/support/docview.wss?uid=swg21962479	Patch Vendor Advisory
http://www.securitytracker.com/id/1033449

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2015-09-14T01:00:00

Updated: 2016-12-20T16:57:01

Reserved: 2015-02-19T00:00:00

Link: CVE-2015-2013

JSON object: View

NVD Information

Status : Modified

Published: 2015-09-14T01:59:00.107

Modified: 2016-12-22T02:59:36.050

Link: CVE-2015-2013

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-01T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "1033449", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033449"}, {"name": "IV73860", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV73860"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962479"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-2013", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1033449", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033449"}, {"name": "IV73860", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV73860"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21962479", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962479"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-2013", "datePublished": "2015-09-14T01:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2016-12-20T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6E60ABB-E703-4745-98F3-22609FF70F6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BDC03B4D-98C2-4704-9BF9-47888489B9C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "73E4EAA2-8842-41AB-B8E0-944CDF72C893", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9D71A8D2-C97E-4A0D-B4F7-19E0B24AC887", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "362B6A59-1FFD-4C11-8F86-0A5516A36385", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5046C962-98D9-43C3-8D83-B144CE442A31", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A379F4E4-5A82-454A-B1D0-D4CAAD9E1457", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "DECB8B77-BAB7-468E-8D22-57FE9F42F718", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "2CE2BBC9-7772-48FF-BDE5-D61F9E16BB0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E3E613F-20C4-448E-99C7-C03587B2AE4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "EC348B63-F62A-4F23-8BFC-EC6FDA057DA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "7A3E5E8C-E897-4720-8B79-3D670B3A3CA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "41B533BC-8796-4ADA-B67D-0CA41CD8BA65", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call."}, {"lang": "es", "value": "Vulnerabilidad en IBM WebSphere MQ 7.0.1 en versiones anteriores a 7.0.1.13, permite a atacantes remotos causar una denegaci\u00f3n de servicio (terminaci\u00f3n anormal canal-agente e interrupci\u00f3n del proceso) a trav\u00e9s de una cadena de selecci\u00f3n manipulada en una llamada MQI."}], "id": "CVE-2015-2013", "lastModified": "2016-12-22T02:59:36.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-14T01:59:00.107", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV73860"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962479"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1033449"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}