
T-686: IBM Tivoli Integrated Portal Java Double Literal Denial of Service Vulnerability

August 8, 2011 - 3:00pm


PROBLEM:

A vulnerability in the Java Runtime Environment allows unauthenticated network attacks (i.e., it may be exploited over a network without the need for a username and password).

PLATFORM:

IBM Tivoli Integrated Portal (TIP) versions prior to 1.1.1.15.

ABSTRACT:

IBM Tivoli Integrated Portal Java Double Literal Denial of Service Vulnerability.

REFERENCE LINKS:

IBM ID: 1508061
Secunia Advisory: SA45556
CVE-2010-4476

IMPACT ASSESSMENT:

Medium

Discussion:

IBM has acknowledged a vulnerability in IBM Tivoli Integrated Portal, which can be exploited by malicious people to cause a DoS (Denial of Service).

Impact:

Vulnerabilities have been reported in Sun Java, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:

Update to eWAS version 6.1.0.39 or update to TIP version 1.1.1.15. The fix for this vulnerability is in eWAS version 6.1.0.39. This version of eWAS is included with TIP 1.1.1.15, which is due out in November 2011.
IBM Downloads
 
