{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-36128","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T21:16:18.171Z","datePublished":"2025-10-16T16:49:26.251Z","dateUpdated":"2025-10-16T18:13:32.234Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:mq:9.1.0:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*"],"defaultStatus":"unaffected","product":"MQ","vendor":"IBM","versions":[{"status":"affected","version":"9.1"},{"status":"affected","version":"9.2"},{"status":"affected","version":"9.3"},{"status":"affected","version":"9.4"}],"x_SWEdition":"LTS"},{"cpes":["cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"],"defaultStatus":"unaffected","product":"MQ","vendor":"IBM","versions":[{"status":"affected","version":"9.3"},{"status":"affected","version":"9.4"}],"x_SWEdition":"CD"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service."}],"value":"IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-772","description":"CWE-772 Missing Release of Resource after Effective Lifetime","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-10-16T16:49:26.251Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7244480"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>To secure IBM WebSphere Liberty profile shipped with IBM MQ from Slowloris DDoS attacks, use one of the following methods:</p><p>1. Load Balancer Configuration</p><p>If the setup involves a load balancer in front of the IBM WebSphere Liberty profile of IBM MQ, configure the load balancer to handle Slowloris-style attacks. A load balancer acts as an intermediary between clients and Liberty, distributing incoming requests across multiple backend servers.</p><p>By using hardware load balancers with properly configured HTTP profiles, only complete and valid HTTP requests are forwarded to the web server, effectively filtering out the partial requests caused by Slowloris. This approach helps to prevent the attack from overwhelming the server, allowing it to continue serving legitimate traffic. Refer to IBM WebSphere Liberty documentation for configuration details.</p><p>2. Reverse Proxy</p><p>Consider using a reverse proxy to handle client requests. The reverse proxy can implement various security measures, including request buffering and handling connection timeouts, to mitigate Slowloris attacks.</p><p>3. Web Application Firewall (WAF)</p><p>Deploy a Web Application Firewall that can detect and block Slowloris-style attacks. A WAF can analyze incoming traffic, identify suspicious patterns indicative of Slowloris attacks, and block such requests before they reach the application server.</p><p>4. Limit Concurrent Connections</p><p>Implement a limit on the number of concurrent connections allowed from a single IP address or source. This helps to prevent an attack from establishing numerous connections and consuming all available server resources.</p><p>5. Traffic Rate Limiting</p><p>Implement rate-limiting mechanisms on the server to restrict the number of requests from a single IP address or source within a specific time frame. This method helps to prevent an attack from sending a pool of requests in a short period.</p>\n\n<br>"}],"value":"To secure IBM WebSphere Liberty profile shipped with IBM MQ from Slowloris DDoS attacks, use one of the following methods:\n\n1. Load Balancer Configuration\n\nIf the setup involves a load balancer in front of the IBM WebSphere Liberty profile of IBM MQ, configure the load balancer to handle Slowloris-style attacks. A load balancer acts as an intermediary between clients and Liberty, distributing incoming requests across multiple backend servers.\n\nBy using hardware load balancers with properly configured HTTP profiles, only complete and valid HTTP requests are forwarded to the web server, effectively filtering out the partial requests caused by Slowloris. This approach helps to prevent the attack from overwhelming the server, allowing it to continue serving legitimate traffic. Refer to IBM WebSphere Liberty documentation for configuration details.\n\n2. Reverse Proxy\n\nConsider using a reverse proxy to handle client requests. The reverse proxy can implement various security measures, including request buffering and handling connection timeouts, to mitigate Slowloris attacks.\n\n3. Web Application Firewall (WAF)\n\nDeploy a Web Application Firewall that can detect and block Slowloris-style attacks. A WAF can analyze incoming traffic, identify suspicious patterns indicative of Slowloris attacks, and block such requests before they reach the application server.\n\n4. Limit Concurrent Connections\n\nImplement a limit on the number of concurrent connections allowed from a single IP address or source. This helps to prevent an attack from establishing numerous connections and consuming all available server resources.\n\n5. Traffic Rate Limiting\n\nImplement rate-limiting mechanisms on the server to restrict the number of requests from a single IP address or source within a specific time frame. This method helps to prevent an attack from sending a pool of requests in a short period."}],"source":{"discovery":"UNKNOWN"},"title":"IBM MQ denial of service","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-16T18:03:23.348860Z","id":"CVE-2025-36128","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-16T18:13:32.234Z"}}]}}