CVE-2025-36128 (GCVE-0-2025-36128)
Vulnerability from cvelistv5 – Published: 2025-10-16 16:49 – Updated: 2025-10-16 18:13
Summary
IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.
Severity
7.5 (High)
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
ibm
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7244480 | vendor-advisory, patch |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T18:03:23.348860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T18:13:32.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq:9.1.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.2"
},
{
"status": "affected",
"version": "9.3"
},
{
"status": "affected",
"version": "9.4"
}
],
"x_SWEdition": "LTS"
},
{
"cpes": [
"cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.3"
},
{
"status": "affected",
"version": "9.4"
}
],
"x_SWEdition": "CD"
}
],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T16:49:26.251Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244480"
}
],
"solutions": [
{
"lang": "en",
"value": "To secure IBM WebSphere Liberty profile shipped with IBM MQ from Slowloris DDoS attacks, use one of the following methods:\n\n1. Load Balancer Configuration\n\nIf the setup involves a load balancer in front of the IBM WebSphere Liberty profile of IBM MQ, configure the load balancer to handle Slowloris-style attacks. A load balancer acts as an intermediary between clients and Liberty, distributing incoming requests across multiple backend servers.\n\nBy using hardware load balancers with properly configured HTTP profiles, only complete and valid HTTP requests are forwarded to the web server, effectively filtering out the partial requests caused by Slowloris. This approach helps to prevent the attack from overwhelming the server, allowing it to continue serving legitimate traffic. Refer to IBM WebSphere Liberty documentation for configuration details.\n\n2. Reverse Proxy\n\nConsider using a reverse proxy to handle client requests. The reverse proxy can implement various security measures, including request buffering and handling connection timeouts, to mitigate Slowloris attacks.\n\n3. Web Application Firewall (WAF)\n\nDeploy a Web Application Firewall that can detect and block Slowloris-style attacks. A WAF can analyze incoming traffic, identify suspicious patterns indicative of Slowloris attacks, and block such requests before they reach the application server.\n\n4. Limit Concurrent Connections\n\nImplement a limit on the number of concurrent connections allowed from a single IP address or source. This helps to prevent an attack from establishing numerous connections and consuming all available server resources.\n\n5. Traffic Rate Limiting\n\nImplement rate-limiting mechanisms on the server to restrict the number of requests from a single IP address or source within a specific time frame. This method helps to prevent an attack from sending a pool of requests in a short period."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36128",
"datePublished": "2025-10-16T16:49:26.251Z",
"dateReserved": "2025-04-15T21:16:18.171Z",
"dateUpdated": "2025-10-16T18:13:32.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}