Wednesday, June 13, 2018

IBM Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities

IBM API Connect Developer Portal has addressed the following vulnerabilities. PHP is vulnerable to a denial of service, caused by an endless loop in the php-fpm master process. A remote attacker could exploit this vulnerability to exhaust CPU and disk space resources. Nginx is vulnerable to a denial of service, caused by a use-after-free when processing CNAME name records. By using specially-crafted CNAME name records, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE(s): CVE-2015-9253, CVE-2016-0746

Affected product(s) and affected version(s):

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22017103
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139816
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/110282

The post IBM Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities appeared first on IBM PSIRT Blog.

Affected API Connect Affected Versions
IBM API Connect 5.0.0.0-5.0.8.3


from IBM Product Security Incident Response Team https://ift.tt/2JARNSE

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.