Boletines de Vulnerabilidades

IBM Security Bulletin: Vulnerabilities in cURL component shipped with ClearCase (CVE-2014-0139)

Información sobre el sistema
   
Software afectado IBM

Descripción
An attacker could send a specially-crafted certificate to impersonate a server. CVE(s): CVE-2014-0139 Affected product(s) and affected version(s): The cURL component is only used in the CMI integration and in the OSLC-based ClearQuest integration. ClearCase client version Status 8.0.1 through 8.0.1.4 Affected 8.0 through 8.0.0.11 Affected 7.1.2 through 7.1.2.14 Affected 7.1.0.x, 7.1.1.x (all versions and fix packs) Not affected 7.0.x Not

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_curl_component_shipped_with_clearcase_cve_2014_0139?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2014-0139 ,CVE-2014-3566 ,CVE-2014-6457 and CVE-2014-6468.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-12-18

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT