
Security Bulletin: Vulnerability in Eclipse Jetty affecting Rational Functional Tester

2019-09-17 19:17:14
www.ibm.com

CVSS3: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

There is a vulnerability in Eclipse Jetty used by Rational Functional Tester (RFT) versions 9.1.1.1, 9.2.1.1 and 9.5.0.0. RFT has addressed the applicable CVE.

Vulnerability Details

Rational Functional Tester has addressed the following vulnerability:

CVEID: CVE-2018-12545
DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed HTTP/2 settings. By sending either large SETTINGS frames containing many settings, or many small SETTINGS frames, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161491 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
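The description above names the two shapes of the flood (one large SETTINGS frame with many entries, or many small SETTINGS frames) but not what a server-side limit looks like. The following is an added example, not code from the IBM bulletin or from the Jetty project: a minimal HTTP/2 frame parser with a per-connection budget on SETTINGS frames and on settings entries, so that either shape trips a ceiling before the per-setting CPU and memory cost accumulates. The frame and SETTINGS layouts follow RFC 7540 (sections 4.1 and 6.5); the budget values `MAX_SETTINGS_FRAMES` / `MAX_SETTINGS_ENTRIES` and the sample streams are constructed for this example and are not Jetty's limits or captured traffic.

```python
"""Added example: HTTP/2 frame parsing plus a SETTINGS-flood budget.
Not from the IBM bulletin or Jetty. Budget values are illustrative
assumptions; sample streams below are constructed, not captured."""
from dataclasses import dataclass

FRAME_HEADER_LEN = 9      # 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id (RFC 7540 4.1)
SETTINGS_TYPE = 0x4
SETTINGS_ACK = 0x1        # flag bit on a SETTINGS frame
SETTINGS_ENTRY_LEN = 6    # 16-bit identifier + 32-bit value (RFC 7540 6.5.1)
MAX_SETTINGS_FRAMES = 16  # assumed per-connection budget, not a Jetty default
MAX_SETTINGS_ENTRIES = 64 # assumed per-connection budget, not a Jetty default


@dataclass
class Frame:
    length: int
    ftype: int
    flags: int
    stream_id: int
    payload: bytes


def build_frame(ftype: int, flags: int, stream_id: int, payload: bytes) -> bytes:
    """Encode one HTTP/2 frame; used here only to construct sample input."""
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return header + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload


def build_settings(entries, ack: bool = False) -> bytes:
    """Encode a SETTINGS frame from (identifier, value) pairs; empty payload for ACK."""
    payload = b"".join(i.to_bytes(2, "big") + v.to_bytes(4, "big") for i, v in entries)
    return build_frame(SETTINGS_TYPE, SETTINGS_ACK if ack else 0, 0, payload)


def parse_frames(data: bytes) -> list:
    """Split a raw connection byte stream into frames, rejecting truncated input."""
    frames, off = [], 0
    while off < len(data):
        if len(data) - off < FRAME_HEADER_LEN:
            raise ValueError("truncated frame header")
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        start, end = off + FRAME_HEADER_LEN, off + FRAME_HEADER_LEN + length
        if end > len(data):
            raise ValueError("truncated frame payload")
        frames.append(Frame(length, ftype, flags, stream_id, data[start:end]))
        off = end
    return frames


@dataclass
class SettingsBudget:
    """Per-connection counters; a production server would also decay them over time."""
    frames_seen: int = 0
    entries_seen: int = 0


def check_settings(frame: Frame, budget: SettingsBudget):
    """Return None if the frame is acceptable, else the error code the server
    should send in GOAWAY before closing. Non-SETTINGS frames always pass."""
    if frame.ftype != SETTINGS_TYPE:
        return None
    if frame.stream_id != 0:
        return "PROTOCOL_ERROR: SETTINGS on non-zero stream"
    if frame.flags & SETTINGS_ACK:
        return "FRAME_SIZE_ERROR: SETTINGS ACK with payload" if frame.length else None
    if frame.length % SETTINGS_ENTRY_LEN:
        return "FRAME_SIZE_ERROR: SETTINGS payload not a multiple of 6"
    # Count frames AND entries: "many small frames" and "one large frame" are the
    # two flood shapes, and each must hit a ceiling on its own.
    budget.frames_seen += 1
    budget.entries_seen += frame.length // SETTINGS_ENTRY_LEN
    if budget.frames_seen > MAX_SETTINGS_FRAMES or budget.entries_seen > MAX_SETTINGS_ENTRIES:
        return "ENHANCE_YOUR_CALM: SETTINGS budget exceeded"
    return None


def scan_connection(data: bytes):
    """Run the check over one connection's frames in order.
    Returns (frames_processed, verdict); verdict is None when nothing tripped."""
    budget = SettingsBudget()
    frames = parse_frames(data)
    for n, frame in enumerate(frames, start=1):
        verdict = check_settings(frame, budget)
        if verdict:
            return n, verdict
    return len(frames), None


# Constructed sample streams (not captured traffic).
NORMAL_STREAM = (
    build_settings([(0x3, 100), (0x4, 65535)])   # MAX_CONCURRENT_STREAMS, INITIAL_WINDOW_SIZE
    + build_frame(0x6, 0, 0, b"\x00" * 8)        # PING, ignored by the budget
    + build_settings([], ack=True)
)
MANY_SMALL_FLOOD = b"".join(build_settings([(0x4, 65535 + i)]) for i in range(100))
ONE_LARGE_FLOOD = build_settings([(0x4, 65535)] * 1000)   # 6000-byte payload, within default max frame size
```

With these (assumed) budgets the normal stream passes all three frames, the many-small flood is cut off at the 17th SETTINGS frame, and the single large frame is rejected on its own because its 1000 entries exceed the entry ceiling. In a real server the counters would be reset or decayed per time window rather than kept for the connection's lifetime.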

Affected Products and Versions

Rational Functional Tester: 9.1.1.1, 9.2.1.1 and 9.5.0.0.

Remediation/Fixes

Apply the correct fix pack or iFix for your version of Rational Functional Tester:

Product Version   APAR   Remediation / First Fix
RFT 9.1.1.1       None   Download iFix and apply it.
RFT 9.2.1.1       None   Download iFix and apply it.
RFT 9.5.0.0       None   Download iFix and apply it.

Workarounds and Mitigations

None.