Vulnerability Bulletins

IBM Security Bulletin: RC4 stream cipher vulnerability and HTTP request smuggling vulnerability affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2015-2808, CVE-2014-0227)


System information

   
Affected software IBM

Description

Apache Tomcat used in IBM Tivoli Application Dependency Discovery Manager is affected by the RC4 “Bar Mitzvah” Attack for SSL/TLS and is also affected by an HTTP request smuggling vulnerability.

CVE(s): CVE-2015-2808 and CVE-2014-0227

Affected product(s) and affected version(s):

TADDM 7.2.0.0 - 7.2.0.10
TADDM 7.2.1.0 - 7.2.1.6
TADDM 7.2.2.0 - 7.2.2.3
TADDM 7.3.0.0

Starting from TADDM 7.3.0.1 (FixPack 1): not affected; TADDM is using IBM WebSphere Application Server Liberty.

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rc4_stream_cipher_vulnerability_and_http_request_smuggling_vulnerability_affect_ibm_tivoli_application_dependency_discovery_manager_taddm_cve_2015_2808_cve_2014_0227?lang=en_

Standard resources

Property Value
CVE CVE-2015-2808, CVE-2014-0227, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0138, CVE-2015-0410, CVE-2014-6593 and CVE-2015-0400.

Version history

Version Comments Date
1.0 Advisory issued 2015-04-21
Ministerio de Defensa
CNI
CCN
CCN-CERT