Lucene search

K
ibmIBM9DDAEC48F5FDC8D3B6ED22A1F99CECCF0F0AA19964724161D9B56C3D9BB41721
HistoryJun 15, 2018 - 7:08 a.m.

Security Bulletin: WebSphere Message Broker is affected by a Open Source Apache Tomcat Vulnerability (CVE-2017-5664 )

2018-06-1507:08:41
www.ibm.com
5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Summary

WebSphere Message Broker has addressed the following vulnerabilities

Vulnerability Details

CVEID**:** CVE-2017-5664 **
DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of specific HTTP request methods for static error pages by the Default Servlet error page mechanism. By sending a specially crafted GET request, an attacker could exploit this vulnerability to bypass HTTP method restrictions and cause the deletion or replacement of the target error page.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126962 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Affected Products and Versions

WebSphere Message Broker V8.0.0.0 - V8.0.0.8

Remediation/Fixes

Product

| VRMF|APAR|Remediation/Fix
—|—|—|—
WebSphere Message Broker| V8.0.0.9| APAR IT21580 | For a fix for APAR IT21580, please contact IBM support.

Websphere Message Broker V8 is no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. If you are an extended support customer and require a fix, this is available only for the latest fixpack (8.0.0.9) .To obtain the fix contact IBM support.

CPENameOperatorVersion
websphere message brokereq8.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Related for 9DDAEC48F5FDC8D3B6ED22A1F99CECCF0F0AA19964724161D9B56C3D9BB41721