关于 CVE-2015-0173 的漏洞信息

1. 漏洞描述
From NVD
The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.
From 神龙GPT (AIGC)
在IBM WebSphere MQ 2.1.0.2之前,在Internet Pass-Thru(IPT)中,当关闭HTTPS时,IBM WebSphere MQ 中的HTTP连接管理功能不会正确地生成MQIPT会话ID,这使得远程攻击者更容易通过预测ID值绕过对MQ消息数据的 intended restrictions。
2. 漏洞评分(CVSS)
From NVD
NVD 暂无评分
From 神龙GPT (AIGC)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
3. 漏洞类别
From NVD
NVD 暂无漏洞类别信息
From 神龙GPT (AIGC)
神龙GPT 暂无漏洞类别信息(请耐心等待)
Reference