Security Bulletin: Potential security vulnerabilities exist in the IBM Java SDK that is shipped with Tivoli Netcool/OMNIbus Web GUI (CVE-2013-0440, CVE-2013-0443)

The current implementation of the JSSE provider shipped with the JDK allows duplicate handshake messages, which consume considerable resources on the server side. Diffie-Hellman key exchange is known to be vulnerable to weak key attacks. A peer's public...



via IBM Product Security Incident Response Team https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_exist_in_the_ibm_java_sdk_that_is_shipped_with_tivoli_netcool_omnibus_web_gui_cve_2013_0440_cve_2013_0443?lang=en_us