IBM DataPower Gateway may re-use the source port in DNS lookups. IBM has addressed the applicable CVE
CVE(s): CVE-2017-1773
Affected product(s) and affected version(s):
DataPower versions 7.1.0.0-7.1.0.20, 7.2.0.0-7.2.0.17, 7.5.0.0-7.5.0.11, 7.5.1.0-7.5.1.10, 7.5.2.0-7.5.2.10 and 7.6.0.0-7.6.0.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012758
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136817
The post IBM Security Bulletin: Reuse of Source Port in DataPower DNS queries (CVE-2017-1773) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2DOLpV5
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.