IBMD6C1B08B44E76FAE80F6B83A883930BE9FECA76EA1C54DE8BFEC57E3306A7446Security Bulletin: Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
Summary
Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF: CVE-2011-1498
Vulnerability Details
Apache HttpComponents Client
CVE-2011-1498
Affected version: HttpClient 4.x before 4.1.1
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Affected Products and Versions
IBM Spectrum LSF 10.0.0.4
IBM Spectrum LSF 10.0.0.5
IBM Spectrum LSF 10.0.0.6
IBM Spectrum LSF 10.0.0.7
Remediation/Fixes
Product
|
VRMF
|
APAR
|
Remediation / First Fix
—|—|—|—
LSF
|
10.1.0.4
|
None
|
See fix below
LSF
|
10.1.0.5
|
None
|
See fix below
LSF
|
10.1.0.6
|
None
|
See fix below
LSF
|
10.1.0.7
|
None
|
See fix below
Download Fix 512358 from the following location:
http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF&release=All&platform=All&function=fixId&fixids=lsf-10.1-build512358&includeSupersedes=0
-
Go to the patch install directory: cd $LSF_ENVDIR/…/10.1/install/
-
Copy the patch file to the install directory $LSF_ENVDIR/…/10.1/install/
-
Run patchinstall: ./patchinstall <patch>
-
Run “badmin mbdrestart”
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm spectrum lsf | eq | any |
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N