When using the MQIPT SecurityManager, IP addresses that are not configured in the MQIPT security policy file with the accept and resolve socket permissions, cause MQIPT to stop responding to connection attempts.
CVE(s): CVE-2017-1118
Affected product(s) and affected version(s):
IBM WebSphere MQ Internet Pass-Thru v2.0 on all platforms
IBM WebSphere MQ Internet Pass-Thru v2.1 on all platforms
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2uIegEi
X-Force Database: http://ift.tt/2vSRpEk
The post IBM Security Bulletin: Non-configured connections could cause denial of service in IBM WebSphere MQ Internet Pass-Thru (CVE-2017-1118 ) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2uI0RvZ
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.