History: Feb 04, 2019 - 1:05 p.m.

Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034)

2019-02-04 13:05:02
www.ibm.com

EPSS: 0.791 (Percentile: 98.3%)

Summary

IBM WebSphere Cast Iron Solution has addressed the following vulnerabilities reported in Apache Tomcat v7.

Vulnerability Details

CVEID: CVE-2018-11784
DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default servlet. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150860> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID: CVE-2018-8034
DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a missing host name verification when using TLS with the WebSocket client. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147211> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

WebSphere Cast Iron v 7.0.0.0, v 7.0.0.1 and v 7.0.0.2.

WebSphere Cast Iron v 7.5.0.0, v 7.5.0.1 and v 7.5.1.0.

App Connect Professional v7.5.2.0.

Remediation/Fixes

| Product | VRMF | APAR | Remediation/First Fix |
| --- | --- | --- | --- |
| Cast Iron Appliance | 7.5.0.0, 7.5.0.1, 7.5.1.0 | LI80509 | iFix 7.5.1.0-CUMUIFIX-023 |
| Cast Iron Appliance | 7.0.0.0, 7.0.0.1, 7.0.0.2 | LI80509 | iFix 7.0.0.2-CUMUIFIX-044 |
| App Connect Professional | 7.5.2.0 | LI80509 | iFix 7.5.2.0-CUMUIFIX-013 |

Workarounds and Mitigations

None.

CPE

| Name | Operator | Version |
| --- | --- | --- |
| ibm cast iron cloud integration | eq | any |