There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs.
CVEID:CVE-2023-26048
**DESCRIPTION:**Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter() or HttpServletRequest.getParts() function. By sending a specially crafted multipart request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-26049
**DESCRIPTION:**Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253355 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
Rational Functional Tester (RFT) | 9.5 |
Rational Functional Tester (RFT) | 10.0 |
Rational Functional Tester (RFT) | 10.1 |
Rational Functional Tester (RFT) | 10.2 |
Rational Functional Tester (RFT) | 10.5 |
Upgrading to IBM Rational Functional Tester version 10.5.3 is strongly recommended. This version has addressed the applicable CVEs.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm rational functional tester | eq | 9.5 | |
ibm rational functional tester | eq | 10.5.2 |