CVE-2010-0776

IBM WebSphere Application Server <6.0.2.43-7.0.0.11 - DoS

Title source: llm
STIX 2.1

Description

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.

References (2)

Core 2
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM08760
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58556

Scores

EPSS 0.0162
EPSS Percentile 73.2%

Details

CWE
CWE-20
Status published
Products (50)
ibm/websphere_application_server 6.0
ibm/websphere_application_server 6.0.0.1
ibm/websphere_application_server 6.0.0.2
ibm/websphere_application_server 6.0.0.3
ibm/websphere_application_server 6.0.1
ibm/websphere_application_server 6.0.1.1
ibm/websphere_application_server 6.0.1.2
ibm/websphere_application_server 6.0.1.3
ibm/websphere_application_server 6.0.1.5
ibm/websphere_application_server 6.0.1.7
... and 40 more
Published May 17, 2010
Tracked Since Feb 18, 2026