There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server.
CVE(s): CVE-2016-2923, CVE-2016-2945, CVE-2016-0359
Affected product(s) and affected version(s):
This vulnerability affects all versions of Liberty for Java in IBM Bluemix up to and including v2.9.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/28YBTM1
X-Force Database: http://ift.tt/28XWbJc
X-Force Database:
X-Force Database: http://ift.tt/28YBUiZ
from IBM Product Security Incident Response Team http://ift.tt/291gjHs
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.