Boletines de Vulnerabilidades

IBM Security Bulletin: SSL/TLS side channel timing vulnerability on WebSphere DataPower (CVE-2014-0852)

Información sobre el sistema
   
Software afectado IBM

Descripción
DataPower appliances might be subject to side channel timing based attacks. CVE(s): CVE-2014-0852 Affected product(s) and affected version(s): Products: WebSphere DataPower SOA Appliances. Versions: All versions through 4.0.2.15, 5.0.0.17, 6.0.0.9, 6.0.1.5. Note that versions 7.0.0.0 and higher are not affected by this vulnerability. Hardware models: All platforms - 9004, 9005 and HS22 Blade. (9004 MTM - 9235-xxx; 9005 MTM - 7198 (1U) and 7199 (2U); HS22 - Integration Blade XI50B Type

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ssl_tls_side_channel_timing_vulnerability_on_websphere_datapower_cve_2014_0852?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2014-0852 ,CVE-2014-3069 ,CVE-2014-3020 and CVE-2014-0453.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-08-13

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT