Miembros de
Boletines de Vulnerabilidades |
IBM Security Bulletin: Dual_EC_DRBG vulnerability and RC4 stream cipher vulnerability affect WebSphere Transformation Extender Secure Adapter Collection (CVE-2007-6755, CVE-2015-2808) |
|
Información sobre el sistema |
|
| Software afectado | IBM |
Descripción |
|
|
Some versions of WebSphere Transformation Extender Secure Adapter Collection utilize RSA BSAFE SSL-C with the Dual_EC_DRBG random number generation algorithm. Usage of Dual_EC_DRBG random number generation algorithm might allow context-dependent attackers to defeat cryptographic protection mechanisms. Also, the RC4 “Bar Mitzvah” Attack for SSL/TLS affects the RSA BSAFE SSL-C implementation included in IBM WebSphere Transformation Extender Secure Adapter Collection. CVE(s): More info: https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_dual_ec_drbg_vulnerability_and_rc4_stream_cipher_vulnerability_affect_websphere_transformation_extender_secure_adapter_collection_cve_2007_6755_cve_2015_2808?lang=en_us |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2007-6755 ,CVE-2015-2808 ,CVE-2015-1979 ,CVE-2015-4000 ,CVE-2014-8176 ,CVE-2015-1788 ,CVE-2015-1789 ,CVE-2015-1790 ,CVE-2015-1791 and CVE-2015-1792. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2015-07-02 |