News & Media
Become a member »
» ESB-2012.0736 - [Win][Linux][HP-UX][Solaris][AIX] IB...
ESB-2012.0736 - [Win][Linux][HP-UX][Solaris][AIX] IBM Eclipse Help System: Multiple vulnerabilities
03 August 2012
Click here for printable version
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2012.0736 VULNERABILITIES REPORTED ON IBM ECLIPSE HELP SYSTEM (IEHS) 3 August 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Eclipse Help System Publisher: IBM Operating System: Windows Linux variants Solaris AIX HP-UX Impact/Access: Cross-site Scripting -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade Original Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg1IO16829 - --------------------------BEGIN INCLUDED TEXT-------------------- IO16829: VULNERABILITIES REPORTED ON IBM ECLIPSE HELP SYSTEM (IEHS) APAR status Closed as program error. Error description Security vulnerabilities are reported on IEHS There are 2 Vulnerability reported on IEHS 1) IBM Eclipse Help System cross-site scripting Vulnerability 2) IBM Eclipse Help System Open Redirect Vulnerability Applicable to TDI v6.1.1, v7.0 & v7.1 which ships IEHS v3.1.0 Reported Vulnerability has been fixed in IEHS v3.1.2 Local fix NA Problem summary Vulnerabilities reported on IBM Eclipse Help System (IEHS) and this is applicable to TDI releases 6.1.1, 7.0 & 7.1. Problem conclusion Reported Vulnerability has been fixed in IEHS v3.1.2 and will be part of 7.1.0-TIV-TDI-LA0008. APAR Information APAR number IO16829 Reported component name ITDI MULTIPLATF Reported component ID 5724D9960 Reported release 710 Status CLOSED PER PE NoPE HIPER NoHIPER Special Attention NoSpecatt Submitted date 2012-07-31 Closed date 2012-07-31 Last modified date 2012-07-31 Fix information Fixed component name ITDI MULTIPLATF Fixed component ID 5724D9960 Applicable component levels R71D PSY UP Copyright and trademark information IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to email@example.com and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUBtzru4yVqjM2NGpAQJnPw//eAdp5XwpifAlUFp7ETY69S5xUQLUHOV+ 8xlR3yO5YAGdAISuGID+CfEw7tvPPbtBPfuk7MBQXi8Af44AxCSiJXTGGoleXU99 edSEnjzhpZ/sw9wjHhLb4TXp8gUVUZQW+C7v91rPlVy64nIBc2c5ZWSk1iB4v6NW bG3RkFQJhnmRPVQpxj/m4LAUNAd7swdv5h39RrUCvy3d9XzMCkifd2psDTmC18wz OFwkxKwows5+kt8tlh3HVPFzrcdCAJ9yV3e39QrYn0ldhDO0eXSpSzAW+2DRzAXe eA2LYmQqVIg7ubxpgD07jPfmfVQRnY//5xm6jXmBSu+T/CdrVu5v1cAaTuXH+16u aCq429UIjThIM/qaM4OUCUgYNeERCYqqZnjEmAeld636Nm1NTSAp+eNH84Jq0xu8 w6SeHepL7sTLi7eIt3bsgoe3qNm9A54UA2ENfdAnTQVoJWv9ugmAt6WGERTyl1dX ZCnhy4zpqu7sVRzSqMZvyoh+xmFuMxlIy9dCPv5QvzjqMysj9P0BySntGcfON1LG MXp8XHX6Z4s0YFVRAAq1hsdnFh1s2Gp4VDzhXuuOEJ/b7frJ8LhrZT2TeX4ostlU HpFhTgDuMoMmE4qyEpfxLue4aZ6wr/qD8IuDgfTuKcKTRf7Mu7zPggHguo6XWKYQ yTfCdfxjdQY= =0ut9 -----END PGP SIGNATURE-----
Comments? Click here