Monday, January 30, 2017

IBM Security Bulletin: Vulnerability in IBM Java SDK affects Rational Functional Tester (CVE-2016-5542)

If a JAR file is signed with old, weak hash algorithms, the class files within it can be modified without the change being caught. This potentially enables attackers to inject malicious code into signed code from a trusted third party.
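As an added example (not part of the IBM bulletin), the following Python sketch audits a JAR for the digest algorithms named in its `META-INF/MANIFEST.MF` and `.SF` signature files and flags weak ones. The bulletin does not name the affected algorithms, so the `WEAK_DIGESTS` set (MD2, MD5) is an assumption, as are the function names and the constructed sample JAR. The check reads only the digest attributes, not the signature block itself.

```python
import io
import re
import zipfile

# Assumption: the bulletin does not name the weak algorithms; MD2 and MD5 are used here.
WEAK_DIGESTS = {"MD2", "MD5"}

# Matches attributes such as "SHA-256-Digest:" or "MD5-Digest-Manifest:".
DIGEST_ATTR = re.compile(
    r"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?:", re.M)


def digest_algorithms(jar_bytes):
    """Map MANIFEST.MF and each .SF file to the digest algorithm names it uses."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            if upper == "META-INF/MANIFEST.MF" or (
                    upper.startswith("META-INF/") and upper.endswith(".SF")):
                text = jar.read(name).decode("utf-8", "replace")
                text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
                found[name] = {alg.upper() for alg in DIGEST_ATTR.findall(text)}
    return found


def weak_findings(jar_bytes):
    """Return sorted (entry, algorithm) pairs where a weak digest is in use."""
    return sorted((name, alg)
                  for name, algs in digest_algorithms(jar_bytes).items()
                  for alg in algs if alg in WEAK_DIGESTS)


def build_sample_jar(alg):
    """Constructed sample: in-memory JAR with dummy `alg` digest values."""
    manifest = ("Manifest-Version: 1.0\r\n\r\n"
                f"Name: com/example/App.class\r\n{alg}-Digest: AAAA\r\n\r\n")
    sig_file = (f"Signature-Version: 1.0\r\n{alg}-Digest-Manifest: BBBB\r\n\r\n"
                f"Name: com/example/App.class\r\n{alg}-Digest: CCCC\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/SIGNER.SF", sig_file)
        jar.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


if __name__ == "__main__":
    print(weak_findings(build_sample_jar("MD5")))      # weak digests flagged
    print(weak_findings(build_sample_jar("SHA-256")))  # nothing flagged
```

To audit a real file, pass its bytes, for example `weak_findings(open(path, "rb").read())`.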

CVE(s): CVE-2016-5542

Affected product(s) and affected version(s):

All versions of Rational Functional Tester from 8.3.0 through 8.6.0.9

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2jmxYBy
X-Force Database: http://ift.tt/2e5s2Ku



from IBM Product Security Incident Response Team http://ift.tt/2jmvzXc
