Lucene search

K
ibmIBMAAFBC906182DD485633ECB32BDE28F026BCB70599B1B63815C9A3816859E2F31
HistoryJun 15, 2018 - 10:49 p.m.

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Core (CVE-2016-8745)

2018-06-1522:49:47
www.ibm.com
7

EPSS

0.006

Percentile

79.4%

Summary

IBM Algo One - Core was potentially vulnerable to a remote attacker’s attempt to obtain sensitive information (Advisory 7416).

Vulnerability Details

CVEID: CVE-2016-8745**
DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat is refactored. An attacker could exploit this vulnerability to obtain the session ID and the response body.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119642 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Algo One - Core versions 5.0.0 and 4.9.0.

Apache Tomcat is not packaged with Algo One - Core 5.1.0.

Remediation/Fixes

Product Name

| iFix Name|Remediation/First Fix
β€”|β€”|β€”
Algo One - Core| 500-362| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.0-1-Algo-One-AlgoCore-if0362:0&includeSupersedes=0&source=fc&login=true
Algo One - Core| 490-226| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.0.0-1-Algo-One-AlgoCore-if0226:0&includeSupersedes=0&source=fc&login=true

CPENameOperatorVersion
algo oneeq5.0
algo oneeq4.9
algo one legacyeqany