Jun 17, 2018 - 4:53 a.m.

Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-4286)

2018-06-17 04:53:14
www.ibm.com

CVSS2: 5.8 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

Summary

IBM Rational Build Forge ships with Apache Tomcat. Apache Tomcat has released a patch that contains security vulnerability fixes, and Build Forge is affected. These fixes have been added to the Rational Build Forge 7.1.3.5 iFix2 and 8.0.0.2 releases.

Vulnerability Details


CVEID: CVE-2013-4286

Description: Open Source Apache Tomcat - HTTP request smuggling issue.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91426> for the current score.
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Build Forge 7.1.3.x, 8.0, and 8.0.0.1 are affected.

Note: Versions earlier than 7.1.3.0 are **not** affected.

Remediation/Fixes

Apply the correct fix pack or iFix for your version of Build Forge:

| Affected Version | Fix |
|---|---|
| Build Forge version 7.1.3.0 - 7.1.3.5 iFix1 | 7.1.3.5 iFix2 (not released yet). Note: If you need 7.1.3.5 iFix2, contact IBM support |
| Build Forge version 8.0.0.0 - 8.0.0.1 | Rational Build Forge Fix Pack 2 (8.0.0.2) for 8.0 |

Workarounds and Mitigations

Update your Tomcat installation.
