There is an XML External Entity Injection (XXE) vulnerability in the Apache Standard Taglibs that affects IBM WebSphere Application Server. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is a potential information disclosure vulnerability in Admin Center for IBM WebSphere Application Server Liberty. There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project.
CVE(s): CVE-2015-0254, CVE-2016-2945, CVE-2016-0389, CVE-2016-0359, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176, CVE-2016-2108
Affected product(s) and affected version(s):
All vulnerabilities affect the following versions and releases of IBM WebSphere Application Server:
- Version 8.5.5 Liberty
Only CVE-2015-0254, CVE-2016-0359 and the OpenSSL vulnerabilities affect the following versions and releases of IBM WebSphere Application Server:
- Version 8.5.5 Full Profile.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/298lF7v
X-Force Database: http://ift.tt/1syxSqm
X-Force Database: http://ift.tt/28XVZcG
X-Force Database: http://ift.tt/28YBUiZ
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
X-Force Database: http://ift.tt/1VjTr9i
from IBM Product Security Incident Response Team http://ift.tt/298ma1h