CVE-2015-1955
Description
IBM MQ Light before 1.0.0.2 allows denial of service via crafted authentication byte sequence.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM MQ Light before 1.0.0.2 allows denial of service via crafted authentication byte sequence.
Vulnerability
IBM MQ Light versions 1.0 and 1.0.0.1 have an improper handling of authentication credentials that allows a remote attacker to cause a denial of service by sending specially crafted byte sequences in authentication data [1].
Exploitation
An attacker can exploit this vulnerability over the network without authentication by sending a crafted byte sequence during the authentication process [1]. No user interaction or special privileges are required.
Impact
Successful exploitation results in the consumption of all CPU resources, leading to a denial of service. The availability of the service is compromised [1].
Mitigation
The vulnerability is fixed in IBM MQ Light version 1.0.0.2 [1]. No workarounds are available. Users should upgrade to the latest version to mitigate the issue [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3cpe:2.3:a:ibm:websphere_mq_light:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:websphere_mq_light:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_mq_light:1.0.0.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www-01.ibm.com/support/docview.wssnvdVendor Advisory
News mentions
0No linked articles in our index yet.