Lucene search

K
ibmIBM4777F5C1553B23793B9C264645B77DC8564BD5ADDE40E26C0417DA938016C274
HistoryDec 06, 2018 - 6:05 a.m.

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2012-5783)

2018-12-0606:05:02
www.ibm.com
16
ibm cloud orchestrator
websphere application server
security vulnerability
cve-2012-5783
upgrade
fixes

EPSS

0.002

Percentile

62.0%

Summary

WebSphere Application Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783) for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)

|

Affected Supporting Product and Version

—|—

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1, V2.5.02. V2.5.0.3, V2.5.0.4, V2.5.0.5, V2.5.0.6

|

  • WebSphere Application Server V8.5.5 through V8.5.5.12

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4, V2.4.0.5

|

  • WebSphere Application Server V8.5.0.1 through V8.5.5.12

Remediation/Fixes

The recommended solution is to apply the fixes as soon as practical.

Principal Product and Version(s) VRMF Remediation/First Fix
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6

Upgrade to IBM Cloud Orchestrator 2.5 Fix Pack 7:
<https://www-01.ibm.com/support/docview.wss?uid=ibm10718247&gt;

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5 | After you upgrade to minimal fix pack levels as required by interim fix, apply the appropriate Interim to your environment as soon as practical. For details, see

Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)

Workarounds and Mitigations

None