Lucene search

K
ibmIBM0D4811CF16080329FAED2F0F50384DF021CD54EDE21A91677DCCA510ADF9344B
HistoryJun 16, 2018 - 8:12 p.m.

Security Bulletin: Vulnerabilities in Apache HTTP Components Libraries Affect IBM B2B Advanced Communications

2018-06-1620:12:39
www.ibm.com
11

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

Summary

The Apache httpclient-4.0.2.jar used by IBM B2B Advanced Communications has vulnerabilities.

Vulnerability Details

CVEID: CVE-2015-5262**
DESCRIPTION:** Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106932 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2014-3577**
DESCRIPTION:** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject’s Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95327 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1

IBM B2B Advanced Communications 1.0.0.2 - 1.0.0.5_3

Remediation/Fixes

_Fix_*

| VRMF|How to acquire fix
—|—|—
iFix 1.0.0.6| 1.0.0.6| IBM Fix Central > B2B_Advanced_Communications_V1.0.0.6_iFix_Media

Workarounds and Mitigations

None

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N