CVE-2025-2529
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: IBM Corporation
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | ehcache | 3.1 |
| ibm | terracotta | 11.1.0 |
| ibm | terracotta | 10.15.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-228 | The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a hash flooding Denial of Service (DoS) issue in Ehcache 3.x used within IBM Terracotta. It occurs when applications use cache keys directly sourced from external, potentially malicious users without filtering or salting. This improper handling causes hash collisions that degrade cache-write performance. [1]
How can this vulnerability impact me?
The vulnerability can lead to degraded cache-write performance in applications using affected Ehcache versions if they accept unfiltered or unsalted keys from external sources. This results in a low-severity Denial of Service impact, specifically reducing availability due to performance degradation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if your application is using affected versions of Ehcache 3.x (specifically IBM Terracotta versions 10.15.0 up to Fix 23 and 11.1.0 up to Fix 5) and if it utilizes cache keys sourced directly from external, potentially malicious users without filtering or salting. There are no specific commands provided to detect this vulnerability on your network or system. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the fixes provided by IBM: upgrade to IBM Terracotta 10.15.0 Fix 24 or later, or 11.1.0 Fix 6 or later. These fixes can be downloaded and installed via the IBM webMethods Update Manager. No other workarounds or mitigations are provided. [1]
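The answers above describe the missing handling as "filtering or salting" of externally supplied cache keys. The following is an added example, not code from Ehcache, IBM Terracotta or this record: it shows the two controls in JDK-only Java. Input is validated against an assumed key format (length limit and character set chosen for this demo), and the key actually stored in the cache is an HMAC-SHA256 tag computed with a per-process secret salt, so the `hashCode()` of the stored key cannot be predicted by whoever chose the input. A `HashMap` stands in for the Ehcache `Cache`; the derived key is what an application would pass to the cache's `put`/`get` instead of the raw external value.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Map;

/**
 * Added example (not Ehcache/IBM code): derive cache keys from untrusted input
 * with a per-process secret salt and reject malformed keys before they reach the cache.
 * Requires Java 17+ for java.util.HexFormat.
 */
public final class SaltedCacheKeys {

    private static final int MAX_KEY_LENGTH = 256;              // assumed limit for this demo
    private final byte[] salt = new byte[32];                    // secret, fresh per process
    private final Map<String, String> cache = new HashMap<>();   // stand-in for org.ehcache.Cache

    public SaltedCacheKeys() {
        new SecureRandom().nextBytes(salt);                      // never derived from user data
    }

    /** Filtering: reject input that is not well-formed for the key format we accept. */
    static String validate(String externalKey) {
        if (externalKey == null || externalKey.isEmpty() || externalKey.length() > MAX_KEY_LENGTH) {
            throw new IllegalArgumentException("cache key length out of range");
        }
        for (int i = 0; i < externalKey.length(); i++) {
            char c = externalKey.charAt(i);
            boolean ok = Character.isLetterOrDigit(c) || c == '-' || c == '_' || c == ':';
            if (!ok) {
                throw new IllegalArgumentException("cache key contains a disallowed character");
            }
        }
        return externalKey;
    }

    /** Salting: the stored key is HMAC(salt, input), so its hashCode() is unpredictable to the sender. */
    String deriveKey(String externalKey) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(salt, "HmacSHA256"));
            byte[] tag = mac.doFinal(validate(externalKey).getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().formatHex(tag);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("HMAC-SHA256 unavailable", e);
        }
    }

    public void put(String externalKey, String value) {
        cache.put(deriveKey(externalKey), value);
    }

    public String get(String externalKey) {
        return cache.get(deriveKey(externalKey));
    }

    public static void main(String[] args) {
        SaltedCacheKeys a = new SaltedCacheKeys();
        SaltedCacheKeys b = new SaltedCacheKeys();

        a.put("user:42", "alice");
        System.out.println("lookup works: " + "alice".equals(a.get("user:42")));

        // Two instances (think: two JVMs) map the same input to different stored keys,
        // so a set of inputs prepared against String.hashCode() has no effect on bucket layout.
        System.out.println("stored keys differ across salts: "
                + !a.deriveKey("user:42").equals(b.deriveKey("user:42")));

        try {
            a.put("user 42/../x", "bob");                        // constructed malformed input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected malformed key: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac SaltedCacheKeys.java && java SaltedCacheKeys`. A keyed MAC is used rather than a plain SHA-256 of the input because an unkeyed digest is still computable by the sender, who could search for inputs whose digest strings share a `hashCode()`; the secret salt removes that offline search. The validation step is independent of the salt and is what CWE-228 points at: inputs outside the expected syntax are refused before any cache write.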