IBM Aspera Shares Application uses Nginx as its web server. A number of vulnerabilities were discovered with earlier versions of Nginx that can cause denial of service application crashes.
CVE(s): CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, CVE-2016-4450
Affected product(s) and affected version(s):
IBM Aspera Shares Application 1.9.2 or earlier
Remediation/Fixes
Upgrade to IBM Aspera Shares Application 1.9.4 or later for Linux or 1.9.6 or later for Windows from the Aspera downloads site.
For unsupported versions of the IBM Aspera Shares Application, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2eD2fHE -earlier
X-Force Database: http://ift.tt/2dv8i3T
X-Force Database: http://ift.tt/2dNqtgj
X-Force Database: http://ift.tt/2dv93tu
X-Force Database: http://ift.tt/29OEayj
from IBM Product Security Incident Response Team http://ift.tt/2eD2ym1
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.