Dec 20, 2017 10:00 am EST
Categorized: High Severity
IBM Connections Docs has addressed the following vulnerabilities. IBM Connections Docs uses libxml2 for document conversion. By using a percent character in a DTD name, a remote attacker could overflow a buffer and execute arbitrary code on the system. In addition, by sending a specially crafted request, a remote attacker could exhaust available memory on the system.
CVE(s): CVE-2017-16932, CVE-2017-16931
Affected product(s) and affected version(s):
| Affected IBM Connections Docs | Affected Versions |
| --- | --- |
| IBM Connections Docs | 2.0.0 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2B6gH4g
X-Force Database: http://ift.tt/2BNOTFm
X-Force Database: http://ift.tt/2B6gKNu
from IBM Product Security Incident Response Team http://ift.tt/2BNOW40