Tuesday, August 7, 2018

IBM Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via https-proxy-agent/newrelic@3.1.0 (CVE-2018-3739)

IBM API Connect has addressed the following vulnerability. The Node.js https-proxy-agent module is vulnerable to a denial of service caused by passing the auth option to the Buffer constructor without proper sanitization. A remote attacker could exploit this vulnerability using the auth parameter to leak memory and cause the application to consume all available CPU resources.
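The bug class described above, shown as an added example that is not code from the bulletin or from https-proxy-agent: an unsanitized value passed to the Buffer constructor beside a hardened form that checks the type first. The function names and the MAX_AUTH_LENGTH limit are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not taken from https-proxy-agent.

// Vulnerable pattern: the Buffer constructor is polymorphic. A string is
// encoded as text, but a number N allocates N bytes (uninitialized on older
// Node.js releases), so whoever controls `auth` controls the allocation size
// and may receive stale process memory in the resulting header.
function legacyProxyAuthHeader(auth) {
  return 'Basic ' + new Buffer(auth).toString('base64'); // deprecated API
}

// Hardened pattern: accept only strings, bound the length, and use
// Buffer.from(), which never treats its argument as a size.
const MAX_AUTH_LENGTH = 1024; // assumed limit for this example

function safeProxyAuthHeader(auth) {
  if (typeof auth !== 'string') {
    throw new TypeError('proxy auth must be a string of the form user:password');
  }
  if (auth.length === 0 || auth.length > MAX_AUTH_LENGTH) {
    throw new RangeError('proxy auth length out of bounds');
  }
  return 'Basic ' + Buffer.from(auth, 'utf8').toString('base64');
}

// Wrapper for callers that take `auth` from parsed input (for example JSON
// configuration), where a number can arrive in place of the expected string.
function classify(auth) {
  try {
    return { ok: true, header: safeProxyAuthHeader(auth) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample inputs: one valid credential and two malformed values.
for (const sample of ['user:pass', 8, '']) {
  console.log(JSON.stringify(sample), '->', JSON.stringify(classify(sample)));
}
```

Auditing a dependency tree for this pattern means looking for `new Buffer(x)` or `Buffer(x)` calls where `x` can come from request or configuration data without a type check.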

CVE(s): CVE-2018-3739

Affected product(s) and affected version(s):

Affected Product | Affected Versions
API Connect      | 2018.1 – 2018.2.7

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10718999
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143928

The post IBM Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via https-proxy-agent/newrelic@3.1.0 (CVE-2018-3739) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2AMNaAN
