Lucene search

K
ibmIBM268E74C4C7CDEBD7A8D03B7DAAAA99401A5A8F383B6A8DFA279CDFA1A14E0C8B
HistoryJun 15, 2018 - 10:49 p.m.

Security Bulletin: Apache Tomcat vulnerability affects IBM Algo One - Counterparty Credit Risk (CVE-2016-8745)

2018-06-1522:49:25
www.ibm.com
11

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

Summary

Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat is refactored. An attacker could exploit this vulnerability to obtain the session ID and the response body.

Vulnerability Details

CVEID: CVE-2016-8745** *CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119642 for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Algo One - Counterparty Credit Risk (CCR) versions 5.1.0 and 5.0.0.

Remediation/Fixes

Product Name

| iFix Name|Remediation/First Fix
—|—|—
Algo One - CCR| 510-201| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.2-3-Algo-One-RTCE-RHEL-if0201:0&includeSupersedes=0&source=fc&login=true
Algo One - CCR| 500-370| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.8-2-Algo-One-RTCE-if0370:0&includeSupersedes=0&source=fc&login=true

CPENameOperatorVersion
algo oneeq5.1.0
algo oneeq5.0
algo one legacyeqany

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N