5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
IBM Rational Build Forge is shipped with an Apache Tomcat. Apache Tomcat has released a patch that contains security vulnerability fixes and BuildForge is affected. These fixes have been added to the Rational Build Forge 7.1.3.5 iFix2 and 8.0.0.2 release.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVEID:_ CVE-2013-4286_
Description: Open Source Apache Tomcat - HTTP request smuggling issue.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91426> for the current score. *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Build Forge 7.1.3.x, 8.0, and 8.0.0.1 are affected.
Note: Versions earlier than 7.1.3.0 are**not **affected.
Apply the correct fix pack or iFix for your version of Build Forge:
Affected Version | Fix |
---|---|
Build Forge version 7.1.3.0 - 7.1.3.5 iFix1 | 7.1.3.5 iFix2 (not released yet) |
Note: If you need 7.1.3.5 iFix2, contact IBM support
Build Forge version 8.0.0.0 - 8.0.0.1| Rational Build Forge Fix Pack 2 (8.0.0.2) for 8.0
Update your Tomcat installation.