Description: IBM's WebSphere Application Server contains a buffer overflow vulnerability. It is caused by improper validation of user-supplied input in the application authentication process. A successful attack can terminate the server process. It is also possible to inject and execute arbitrary code on the target.

In a simple attack case aimed at creating a denial of service condition, the affected service will terminate. All established connections are reset, and all web applications hosted by the target are unavailable until the application server is restarted.

In a more sophisticated attack scenario, where the malicious user succeeds in injecting and executing code, the behaviour of the system depends on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the service process.