There is a vulnerability in Eclipse Jetty used by Rational Functional Tester (RFT) versions 9.1.1.1, 9.2.1.1 and 9.5.0.0. RFT has addressed the applicable CVE.
Rational Functional Tester has addressed the following vulnerability:
CVEID: CVE-2018-12545
DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGS frames containing many settings, or many small SETTINGS frames, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161491> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
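The two traffic patterns named in the description can be checked for in a recorded HTTP/2 byte stream. The following is an added example, not IBM or Jetty code: it parses HTTP/2 frame headers as defined in RFC 7540 and reports oversized or excessive SETTINGS frames on one connection. The function names and both thresholds are assumptions to tune per deployment.

```python
import struct

SETTINGS = 0x4   # HTTP/2 frame type for SETTINGS (RFC 7540, section 6.5)
ACK = 0x1        # SETTINGS flag: acknowledgement, carries no payload
MAX_SETTINGS_PER_FRAME = 32   # assumed threshold, not from the advisory
MAX_SETTINGS_FRAMES = 10      # assumed per-connection threshold

def iter_frames(buf):
    """Yield (type, flags, stream_id, payload) for each complete frame."""
    pos = 0
    while pos + 9 <= len(buf):
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", buf, pos)
        end = pos + 9 + ((hi << 16) | lo)   # 24-bit payload length
        if end > len(buf):
            break  # truncated trailing frame: stop rather than guess
        yield ftype, flags, sid & 0x7FFFFFFF, buf[pos + 9:end]
        pos = end

def audit_settings(buf):
    """Return findings for one connection's frames (client preface stripped)."""
    findings, frames = [], 0
    for ftype, flags, _sid, payload in iter_frames(buf):
        if ftype != SETTINGS or flags & ACK:
            continue
        frames += 1
        if len(payload) % 6:   # each setting is a 2-byte id plus 4-byte value
            findings.append("malformed SETTINGS length")
            continue
        count = len(payload) // 6
        if count > MAX_SETTINGS_PER_FRAME:
            findings.append(f"large SETTINGS frame: {count} settings")
    if frames > MAX_SETTINGS_FRAMES:
        findings.append(f"SETTINGS flood: {frames} frames")
    return findings

def settings_frame(pairs):
    """Build a SETTINGS frame from (identifier, value) pairs (sample helper)."""
    payload = b"".join(struct.pack(">HI", i, v) for i, v in pairs)
    return struct.pack(">BHBBI", len(payload) >> 16, len(payload) & 0xFFFF,
                       SETTINGS, 0, 0) + payload

# Constructed sample streams, not captured traffic.
NORMAL = settings_frame([(0x3, 100), (0x4, 65535)])
MANY_SMALL = settings_frame([(0x3, 100)]) * 11
ONE_LARGE = settings_frame([(0x4, 65535)] * 33)
```

Legitimate clients normally send a handful of SETTINGS frames per connection, so thresholds far above that still separate normal traffic from both patterns.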
Rational Functional Tester: 9.1.1.1, 9.2.1.1 and 9.5.0.0.
Apply the correct fix pack or iFix for your version of Rational Functional Tester:
Product | Version | APAR | Remediation/First Fix |
---|---|---|---|
RFT | 9.1.1.1 | None | Download iFix and apply it. |
RFT | 9.2.1.1 | None | Download iFix and apply it. |
RFT | 9.5.0.0 | None | Download iFix and apply it. |
None.