Sep 17, 2019 - 7:17 p.m.

Security Bulletin: Vulnerability in Eclipse Jetty affecting Rational Functional Tester

2019-09-17 19:17:14
www.ibm.com

EPSS: 0.041

Percentile: 92.3%

Summary

There is a vulnerability in Eclipse Jetty used by Rational Functional Tester (RFT) versions 9.1.1.1, 9.2.1.1 and 9.5.0.0. RFT has addressed the applicable CVE.

Vulnerability Details

Rational Functional Tester has addressed the following vulnerability:

CVEID: CVE-2018-12545
DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGS frames containing many settings, or many small SETTINGS frames, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161491> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Rational Functional Tester: 9.1.1.1, 9.2.1.1 and 9.5.0.0.

Remediation/Fixes

Apply the correct fix pack or iFix for your version of Rational Functional Tester:

| Product | Version | APAR | Remediation/First Fix |
|---------|---------|------|-----------------------|
| RFT | 9.1.1.1 | None | Download iFix and apply it. |
| RFT | 9.2.1.1 | None | Download iFix and apply it. |
| RFT | 9.5.0.0 | None | Download iFix and apply it. |

Workarounds and Mitigations

None.
