IBM API Connect has addressed the following vulnerability. The Node.js https-proxy-agent module is vulnerable to a denial of service, caused by passing the auth option to the Buffer constructor without proper sanitization. A remote attacker could exploit this vulnerability using the auth parameter to leak memory and cause the application to consume all available CPU resources.
CVE(s): CVE-2018-3739
Affected product(s) and affected version(s):
| Affected Product | Affected Versions |
|---|---|
| API Connect | 2018.1 – 2018.2.7 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10718999
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143928
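The unsafe pattern the bulletin describes, next to a hardened form, as an added example (not IBM's or the https-proxy-agent project's code). The function names, the length bound and the sample JSON inputs are assumptions constructed for illustration.

```javascript
// Added example: names below are hypothetical, not https-proxy-agent source.
const MAX_AUTH_LENGTH = 512; // assumed upper bound for "user:password"

// Unsafe pattern from the bulletin: the deprecated Buffer constructor is
// polymorphic. A string is encoded, but a number is read as a size, so the
// caller's value decides how much memory is allocated (and, on old Node.js
// releases, that memory was not zeroed before being encoded and sent).
function unsafeProxyAuthHeader(auth) {
  return 'Basic ' + new Buffer(auth).toString('base64');
}

// Hardened form: accept only a bounded string, then encode with Buffer.from,
// which never interprets its argument as an allocation size.
function safeProxyAuthHeader(auth) {
  if (typeof auth !== 'string') {
    throw new TypeError('proxy auth must be a string, got ' + typeof auth);
  }
  if (auth.length === 0 || auth.length > MAX_AUTH_LENGTH) {
    throw new RangeError('proxy auth length out of bounds');
  }
  return 'Basic ' + Buffer.from(auth, 'utf8').toString('base64');
}

// Constructed sample inputs: proxy options as they might arrive in JSON,
// where the type of "auth" is chosen by whoever wrote the document.
const SAMPLE_OPTIONS = [
  '{"host":"proxy.example","auth":"user:pass"}',
  '{"host":"proxy.example","auth":8}',
  '{"host":"proxy.example","auth":["a","b"]}',
];

// Returns one verdict per sample: the header, or the rejection reason.
function auditSamples(samples) {
  return samples.map((text) => {
    const { auth } = JSON.parse(text);
    try {
      return safeProxyAuthHeader(auth);
    } catch (err) {
      return 'rejected: ' + err.message;
    }
  });
}

console.log(auditSamples(SAMPLE_OPTIONS));
```

The same type check belongs wherever proxy options cross a trust boundary, since upgrading the dependency does not cover other code that still calls `new Buffer()` on caller-supplied values.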
The post IBM Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via https-proxy-agent/newrelic@3.1.0 (CVE-2018-3739) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2AMNaAN