Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3507 TXSeries for Multiplatforms is affected by a denial of service vulnerability 16 September 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM TXSeries Publisher: IBM Operating System: Linux variants HP-UX Solaris AIX Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-4046 Reference: ESB-2019.2381 ESB-2019.1161 ESB-2018.0660.10 Original Bulletin: https://www.ibm.com/support/pages/security-bulletin-txseries-multiplatforms-affected-denial-service-vulnerability - --------------------------BEGIN INCLUDED TEXT-------------------- TXSeries for Multiplatforms is affected by a denial of service vulnerability Document Information Modified date: 13 September 2019 UID: ibm11073352 Summary TXSeries for Multiplatforms has addressed the following vulnerability: CVE-2019-4046 . Vulnerability Details CVEID: CVE-2019-4046 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. CVSS Base Score: 5.9 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 156242 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions IBM TXSeries for Multiplatforms 9.1.0.0 IBM TXSeries for Multiplatforms 8.2.0.0 - 8.2.0.2 IBM TXSeries for Multiplatforms 8.1.0.0 - 8.1.0.2 Remediation/Fixes +-------------------------------------------------------------------------------------------+ |Product |Version |Defect|Remediation / First Fix | |----------------+-----------+------+-------------------------------------------------------| |IBM TXSeries for| | |http://www.ibm.com/support/fixcentral/quickorder? | |Multiplatforms |9.1.0.0 |125954|product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms& | |v9.1 | | |fixids=TXSeries_9.1_SpecialFix&source=SAR | |----------------+-----------+------+-------------------------------------------------------| |IBM TXSeries for|8.2.0.0, | |http://www.ibm.com/support/fixcentral/quickorder? | |Multiplatforms |8.2.0.1, |125954|product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms& | |v8.2 |8.2.0.2 | |fixids=TXSeries_8.2_SpecialFix&source=SAR | |----------------+-----------+------+-------------------------------------------------------| |IBM TXSeries for|8.1.0.0, | |http://www.ibm.com/support/fixcentral/quickorder? | |Multiplatforms |8.1.0.1, |125954|product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms& | |v8.1 |8.1.0.2 | |fixids=TXSeries_8.1_SpecialFix&source=SAR | +-------------------------------------------------------------------------------------------+ Workarounds and Mitigations None Change History created on 09/12/2019 - 06:16 by Jithesh Moothoor - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXX8GQ2aOgq3Tt24GAQh4sQ/9G5V+BTYJtaRolCiILZaOFkNhZk/u8AVS aaz6/ZbtuuL9KOGRAKj+qnMdNbP9jTOgmxRDjAxOfnd2soqjT1n5gYBfUC3c19VV 1Ij5tASh6RBte4F3heOWQexElsv121r0MMZ8MP4hvDsyLfZiVUamAr7cn8Kta588 H9TIec6PuBB3XWOXFUv4PlOVsVQHMQjRHsojV+dA2bD3+rVe5wRTQ5CpWpA92sO/ dDaEZWa+o7DJ0skK/DJPST/M5VdlYoEN9HG2bXMbNxTGoR664ucM1spqEzrTDQxy 6ZxHW849pBQlVkt0QaqUqx+GMTtuvJrRo3L9ja3YnzNYl8mjT5ou0tVUPly6hgeR z14qxo0gkgd3hOTUEM2jaz9a08QV2Mbw7xnociX9+zY79c9PigYaevjmVVNmf6fC YxazhypzAUc0GDQMRWO35wy6QeuwVL3wZ8fdWmNg+e0a9uurOhkuilC3lbymLk4T WYA/qvjEO9ynkVGPbp2ujXgju/Sf3E4V7DRxkMarYd3aqGhJOAzg9ngeN5hAbO7C T50M8OuPtYvAKw3CAG0rvw7aB6aB96PQEnNFtA0XtEqgB/+2xQgLpZkYtccIgpLP T4MbknFo8HpCnS/xIyGycgxolmM3rlFbl8PagFVAwhnBfUjd0hanX+tu7kLOMavd 4CQpZJpGc0o= =EwxP -----END PGP SIGNATURE-----