Miembros de
Boletines de Vulnerabilidades |
IBM Security Bulletin: Incorrect SSL protocol variant in SCA HTTP binding affecting WebSphere Enterprise Service Bus, WebSphere Process Server and IBM Business Process Manager Advanced (CVE-2014-6176) |
|
Información sobre el sistema |
|
| Software afectado | IBM |
Descripción |
|
|
The HTTP import binding in an SCA module can be configured with a reference to a SSL configuration that exists on the application server. The HTTP binding uses always the SSLv3 protocol variant regardless of the SSL protocol setting in the referenced SSL configuration. CVE(s): CVE-2014-6176 Affected product(s) and affected version(s): WebSphere Process Server V7.0 WebSphere Enterprise Service Bus V7.0 IBM Business Process Manager Advanced V7.5.x, 8.0.x 8.5.x If you are on earlier More info: https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_incorrect_ssl_protocol_variant_in_sca_http_binding_affecting_websphere_enterprise_service_bus_websphere_process_server_and_ibm_business_process_manager_advanced_cve_2014_6176 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2014-6176 ,CVE-2014-6457 ,CVE-2014-3566 ,CVE-2014-4244 ,CVE-2014-4263 and CVE-2014-6468. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2014-12-19 |