4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF: CVE-2011-1498
Apache HttpComponents Client
CVE-2011-1498
Affected version: HttpClient 4.x before 4.1.1
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
IBM Spectrum LSF 10.0.0.4
IBM Spectrum LSF 10.0.0.5
IBM Spectrum LSF 10.0.0.6
IBM Spectrum LSF 10.0.0.7
Product
|
VRMF
|
APAR
|
Remediation / First Fix
—|—|—|—
LSF
|
10.1.0.4
|
None
|
See fix below
LSF
|
10.1.0.5
|
None
|
See fix below
LSF
|
10.1.0.6
|
None
|
See fix below
LSF
|
10.1.0.7
|
None
|
See fix below
Download Fix 512358 from the following location:
http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF&release=All&platform=All&function=fixId&fixids=lsf-10.1-build512358&includeSupersedes=0
Go to the patch install directory: cd $LSF_ENVDIR/…/10.1/install/
Copy the patch file to the install directory $LSF_ENVDIR/…/10.1/install/
Run patchinstall: ./patchinstall <patch>
Run “badmin mbdrestart”
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum lsf | eq | any |