IBM Security Bulletin: Incorrect SSL protocol variant in SCA HTTP binding affecting WebSphere Enterprise Service Bus, WebSphere Process Server and IBM Business Process Manager Advanced (CVE-2014-6176)
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
The HTTP import binding in an SCA module can be configured with a reference to a SSL configuration that exists on the application server. The HTTP binding uses always the SSLv3 protocol variant regardless of the SSL protocol setting in the referenced SSL configuration. CVE(s): CVE-2014-6176 Affected product(s) and affected version(s): WebSphere Process Server V7.0 WebSphere Enterprise Service Bus V7.0 IBM Business Process Manager Advanced V7.5.x, 8.0.x 8.5.x If you are on earlier
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_incorrect_ssl_protocol_variant_in_sca_http_binding_affecting_websphere_enterprise_service_bus_websphere_process_server_and_ibm_business_process_manager_advanced_cve_2014_6176 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2014-6176 ,CVE-2014-6457 ,CVE-2014-3566 ,CVE-2014-4244 ,CVE-2014-4263 and CVE-2014-6468. |