CVE-2016-2960

moderate-risk

Published 2016-08-08

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.

Do I need to act?

-

0.68% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

3

CVSS 3.7/10 Low

NETWORK / HIGH complexity

Affected Products (20)

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Affected Vendors

Ibm

References (8)

Broken Link http://www-01.ibm.com/support/docview.wss?uid=swg1PI61548

Patch http://www-01.ibm.com/support/docview.wss?uid=swg21984796

http://www.securityfocus.com/bid/92354

http://www.securitytracker.com/id/1036514

Broken Link http://www-01.ibm.com/support/docview.wss?uid=swg1PI61548

Patch http://www-01.ibm.com/support/docview.wss?uid=swg21984796

http://www.securityfocus.com/bid/92354

http://www.securitytracker.com/id/1036514

42

/ 100

moderate-risk

Severity 13/34 · Low

Exploitability 2/34 · Minimal

Exposure 27/34 · High