Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5BB029DD0F47E3F91B892DA8A06ACEE684C2BFCA2E7E1DE0CEF0AB4939074E28
HistoryJul 10, 2018 - 8:34 a.m.

Security Bulletin: IBM Rational ClearCase CCRC WAN Server remote denial of service (CVE-2013-6329)

2018-07-1008:34:12
www.ibm.com
6

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Summary

A vulnerability in relation to SSL/TLS Handshake Processing has been discovered related to the SSLV3 Session Resumption when using SSLV2.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

Description: A vulnerability in relation to SSL/TLS Handshake Processing has been discovered related to the SSLV3 Session Resumption when using SSLV2.

CVSS Base Score: 7.8 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/88939&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Affected Products and Versions

IBM Rational ClearCase, CCRC WAN server component, releases 8.0.x, 7.1.x, 7.0.x.

This vulnerability only applies to the WAN server component, not to other parts of IBM Rational ClearCase.

Remediation/Fixes

Update your CCRC WAN server system to a newer version of IBM HTTP Server.

  • ClearCase release 7.0.x: Document 1295608 explains how to update IBM HTTP Server in the RWP component of ClearCase. Consult those instructions when applying the IHS interim fix listed in IHS security bulletin 1659548.
  • ClearCase release 7.1.x: Document 1390803 explains how to update IBM HTTP Server for IBM Rational ClearCase WAN servers at release 7.1.x. Consult those instructions when applying the IHS interim fix, or applying IHS fix pack 7.0.0.33 or later, as described in IHS security bulletin 1659548.
  • ClearCase release 8.0.x: Upgrade IBM HTTP Server to a version including the fix (see the IHS bulletin), or install the IHS interim fix. Consult IHS security bulletin 1659548 for the releases of IHS that contain the fixes, and apply the fixes relevant for your version of IHS. No ClearCase-specific steps are necessary.

Workarounds and Mitigations

Set SSL server configuration options as described in IHS security bulletin 1659548.

Related

ibm 11
nessus 8
seebug 1
prion 1
cve 1
ibm
ibm
Security Bulletin: Potential SSL/TLS-related denial of service vulnerability in IBM Informix Client SDK (CVE-2013-6329)
2018-06-16 14:11:54
Security Bulletin: GSKit SSL negotiation vulnerability in Tivoli Access Manager for e-business (CVE-2013-6329)
2018-06-16 21:16:04
Security Bulletin: Potential SSL/TLS-related denial of service vulnerability in IBM Informix Server (CVE-2013-6329)
2018-06-16 14:11:54
nessus
nessus
IBM HTTP Server 8.5.0.0 <= 8.5.5.1 / 8.0.0.0 <= 8.0.0.8 / 7.0.0.0 <= 7.0.0.31 / 6.1.0.0 <= 6.1.0.47 (505927)
2021-01-06 00:00:00
IBM Tivoli Access Manager for e-Business < 6.0.0.31 / 6.1.0.12 / 6.1.1.8 or GSKit < 7.0.4.47 SSL/TLS Handshake Processing DoS
2015-01-13 00:00:00
Informix Server GSKit < 7.0.4.47 / 8.0.50.13 SSL/TLS DoS
2014-01-24 00:00:00
seebug
seebug
IBM Content Manager OnDemand for Multiplatform SSLv2δΌšθ―ζ’ε€ε€„η†θΏœη¨‹ζ‹’η»ζœεŠ‘ζΌ
2013-12-17 00:00:00
prion
prion
Session fixation
2013-12-17 15:21:00
cve
cve
CVE-2013-6329
2013-12-17 15:21:00

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON
Related for 5BB029DD0F47E3F91B892DA8A06ACEE684C2BFCA2E7E1DE0CEF0AB4939074E28
ibm11nessus8seebug1prion1cve1