Tuesday, December 27, 2016

IBM Security Bulletin: Vulnerabilities in PHP affect IBM SmartCloud Entry (CVE-2015-4644, CVE-2016-5385)

IBM SmartCloud Entry is affected by vulnerabilities in PHP. Attackers could exploit these vulnerabilities to cause a segfault, or to redirect outbound HTTP traffic to an arbitrary proxy server by using a specially crafted Proxy header in an HTTP request. The latter is also known as the “HTTPOXY” vulnerability.

CVE(s): CVE-2015-4644, CVE-2016-5385

Affected product(s) and affected version(s):

IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 7
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iAcf3Z
X-Force Database: http://ift.tt/2i3s5at
X-Force Database: http://ift.tt/2dv9pkb



from IBM Product Security Incident Response Team http://ift.tt/2i3s9GW
