Security Bulletin: Potential security vulnerability due to the implementation of Java HashTable in Information Archive (CVE-2012-0193)

Flash (Alert)


A potential denial of service (DoS) security exposure exists when using web-based applications, due to a vulnerability in the Java HashTable implementation. Only an authorized user can exploit this vulnerability, which is described by the CVE-2012-0193 security alert. An unauthorized user cannot exploit the issue.



CVE ID: CVE-2012-0193

DESCRIPTION: This information is extracted from a Flash notification from the IBM WebSphere Application Server support team. You can read the notification at the following link:

This vulnerability can cause a large number of HashTable collisions due to specially crafted HTTP request parameters. If there are too many collisions, performance is significantly impaired, which can lead to a denial of service.
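The collision condition described above can be recognized in a raw query string without placing the untrusted parameter names in a hash table. The following Java sketch is an added illustration, not code from IBM or from the referenced notification, and it is not a vendor workaround. The class name, both limits and the sample queries are assumptions, it inspects query-string names only, and it needs Java 10 or later for `URLDecoder.decode(String, Charset)`.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class ParamCollisionCheck {
    static final int MAX_PARAMS = 1000;  // assumed cap on parameters per request
    static final int MAX_SAME_HASH = 4;  // assumed cap on distinct names per hashCode

    // Largest group of distinct names sharing one String.hashCode(); MAX_VALUE means reject.
    static int worstGroup(String rawQuery) {
        String[] pairs = rawQuery.split("&", MAX_PARAMS + 1); // bounded split
        if (pairs.length > MAX_PARAMS) return Integer.MAX_VALUE;
        List<String> names = new ArrayList<>();
        try {
            for (String p : pairs) {
                String raw = p.split("=", 2)[0];
                if (!raw.isEmpty()) names.add(URLDecoder.decode(raw, StandardCharsets.UTF_8));
            }
        } catch (IllegalArgumentException e) {  // malformed percent-escape
            return Integer.MAX_VALUE;
        }
        Collections.sort(names);  // compareTo only: untrusted names never key a hash table
        int[] hashes = new int[names.size()];
        int k = 0;
        String prev = null;
        for (String n : names) {  // a repeated name (multi-valued parameter) counts once
            if (!n.equals(prev)) hashes[k++] = n.hashCode();
            prev = n;
        }
        Arrays.sort(hashes, 0, k);
        int worst = 0, run = 0;
        for (int i = 0; i < k; i++) {  // longest run of equal hash codes
            run = (i > 0 && hashes[i] == hashes[i - 1]) ? run + 1 : 1;
            worst = Math.max(worst, run);
        }
        return worst;
    }

    public static void main(String[] args) {
        // Constructed samples: "Aa" and "BB" share a hashCode, so the eight crafted names collide.
        String normal = "user=alice&page=2&sort=date&tag=a&tag=b";
        String crafted = "AaAaAa=1&AaAaBB=1&AaBBAa=1&AaBBBB=1&BBAaAa=1&BBAaBB=1&BBBBAa=1&BBBBBB=1";
        for (String q : new String[] {normal, crafted})
            System.out.println(worstGroup(q) + " flagged=" + (worstGroup(q) > MAX_SAME_HASH));
    }
}
```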

CVSS Base Score: 5
CVSS Temporal Score: See for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

All versions of Information Archive prior to

Upgrade your Information Archive appliance to release

VRMF Download URL

Workaround(s): None

Mitigation(s): Ensure that access to the Information Archive appliance is tightly controlled. Without the proper user authentication, nothing can be run on the appliance or added to the appliance.

Complete CVSS Guide
On-line Calculator V2
X-Force Vulnerability Database
CVE-2012-0193

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related information

Potential security vulnerability when using Web based a

Cross reference information
Segment Product Component Platform Version Edition
Disk Storage Systems IBM Information Archive Graphical User Interface (GUI) 2.1, 2.1.1, 2.1.2,, 2.1.3,, N/A

Document information

More support for: IBM Information Archive, Graphical User Interface (GUI)
Software version: 2.1, 2.1.1, 2.1.2,, 2.1.3,,
Operating system(s):
Software edition: All Editions
Reference #:
Modified date:
