74 matches found
Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server
Summary There are multiple vulnerabilities in Apache HttpComponents and HttpCommons libraries which affect WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to...
Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology
Summary Multiple security vulnerabilities affect components used by the following products that may affect those products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager...
Security Bulletin: Vulnerability from Apache HttpComponents affects IBM Cloud Pak System (CVE-2011-1498, CVE-2015-5262)
Summary Multiple vulnerabilities have been identified in Apache HttpComponents shipped with IBM Cloud Pak System. Vulnerability Details CVEID: CVE-2011-1498 DESCRIPTION: Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the...
EulerOS 2.0 SP5 : jakarta-commons-httpclient (EulerOS-SA-2020-1109)
According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...
Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities
Summary IBM Security Privileged Identity Manager has addressed the following security vulnerabilities. Vulnerability Details CVEID: CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery(strInput) function. A remot...
Security Bulletin: Public disclosed vulnerabilities from Apache HttpComponents affects IBM Spectrum LSF
Summary Public disclosed vulnerabilities from Apache HttpComponents affects IBM Spectrum LSF: CVE-2012-6153, CVE-2014-3577 Vulnerability Details Brief Description: Apache HttpComponents CN spoofing CVE-ID: CVE-2012-6153 Description: Apache HttpComponents could allow a remote attacker to conduct...
Security Bulletin: Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF
Summary Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF: CVE-2011-1498 Vulnerability Details Apache HttpComponents Client CVE-2011-1498 Affected version: HttpClient 4.x before 4.1.1 Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an...
Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpComponents HttpClient
Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the...
Denial of service vulnerability in org.apache.httpcomponents:httpclient
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
GHSA-FMJ5-WV96-R2CH Denial of service vulnerability in org.apache.httpcomponents:httpclient
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities
Summary IBM Tivoli Netcool Impact has addressed the following open source vulnerabilities. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to...
Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting (CVE-2015-7436,CVE-2015-7435,CVE-2012-6153,CVE-2014-3577,CVE-2015-7450,CVE-2015-4872)
Summary Fixes for Cognos Business Intelligence are provided as part of Tivoli Common Reporting (TCR) fixes. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos...
Security Bulletin: Apache HttpComponents vulnerable to spoofing attacks are affecting Case Manager Client (CVE-2012-6153, CVE-2014-3577)
Summary Apache HttpComponents that are vulnerable to spoofing attacks are affecting Case Manager Client. Vulnerability Details Apache HttpComponents that are being utilized by the Forms widget in Case Manager Client when you are working with IBM Forms are vulnerable to spoofing attacks. CVEID:...
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-1498, CVE-2014-3577, CVE-2015-5262)
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2011-1498 DESCRIPTION: Apache HttpComponents could allow a remote attacker to obtain sensitive information, caused by an...
Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM InfoSphere Information Server (CVE-2012-6153 CVE-2014-3577)
Summary Apache HttpComponents vulnerabilities while verifying certificates were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2012-6153 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix relat...
Security Bulletin: IBM Cognos Business Intelligence Server 2015Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. CVE-2015-7436,CVE-2015-7435,CVE-2012-6153,CVE-2014-3577,CVE-2015-7450,CVE-2015-4872
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in October...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.9
Summary Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor, WebSphere Application Server Liberty Profile and IBM HTTP Server. Affected Products and Versions The following IBM WebSphere Application Server Version...
Security Bulletin: Apache HTTPComponents vulnerabilities in WebSphere Application Server (CVE-2012-6153, CVE-2014-3577)
Summary There are two vulnerabilities in Apache HTTPComponents that are used in IBM WebSphere Application Server. Although IBM WebSphere Application server is not vulnerable to these, other products or applications that use these libraries could be vulnerable. Vulnerability Details CVEID:...
IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities
The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in 'Apache Commons HttpClient' that allows a man-in-the-middle attacker to spoof SSL servers via a certificate with a subject...
Important: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.0.0 security update
Red Hat JBoss Data Virtualization 6.0.0 2015 roll up patch 1, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...