Monday, October 24, 2016

IBM Security Bulletin: Multiple vulnerabilities with the Nginx web server used in IBM Aspera Shares 1.9.2 and earlier

IBM Aspera Shares Application uses Nginx as its web server. A number of vulnerabilities were discovered with earlier versions of Nginx that can cause denial of service application crashes.

CVE(s): CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, CVE-2016-4450

Affected product(s) and affected version(s):

IBM Aspera Shares Application 1.9.2 or earlier

Remediation/Fixes
Upgrade to IBM Aspera Shares Application 1.9.4 or later for Linux or 1.9.6 or later for Windows from the Aspera downloads site.

For unsupported versions of the IBM Aspera Shares Application, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2eD2fHE -earlier
X-Force Database: http://ift.tt/2dv8i3T
X-Force Database: http://ift.tt/2dNqtgj
X-Force Database: http://ift.tt/2dv93tu
X-Force Database: http://ift.tt/29OEayj



from IBM Product Security Incident Response Team http://ift.tt/2eD18b1

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.