Flashes (Alerts)
Abstract
Maximo products using WebShere and IBM HTTP Server are exposed to potential security exposure (PM46234) (CVE-2011-3192).
Content
Maximo products using WebShere and IBM HTTP Server are exposed to potential security exploit (PM46234) (CVE-2011-3192).
This exploit allows HTTP requests using byte ranges to contain ranges larger than the size of the file being served. Performing a significant number of these requests can result in a denial of service.
All customers using IBM HTTP Server should review the following IBM HTTP Server Flash for the most up-to date information:
http://www.ibm.com/support/docview.wss?uid=swg21512087&myns=swgws&mynp=OCSSCKBL&mynp=OCSS7K4U&mynp=OCSSEQTJ&mync=E
To determine the version of software you are using, log into the WebSphere administrative console and view the Welcome page.
Review the table below for product version association information:
Maximo 6.2.0 through 6.2.7
Maximo Base Services 7.1.1.0 through 7.1.1.8
Maximo Base Services 7.50
This exploit allows HTTP requests using byte ranges to contain ranges larger than the size of the file being served. Performing a significant number of these requests can result in a denial of service.
All customers using IBM HTTP Server should review the following IBM HTTP Server Flash for the most up-to date information:
http://www.ibm.com/support/docview.wss?uid=swg21512087&myns=swgws&mynp=OCSSCKBL&mynp=OCSS7K4U&mynp=OCSSEQTJ&mync=E
To determine the version of software you are using, log into the WebSphere administrative console and view the Welcome page.
Review the table below for product version association information:
Maximo 6.2.0 through 6.2.7
|
Maximo Release
|
IBM WebSphere / IBM HTTP Server version
|
|---|---|
|
6.0.0
|
6.0.0.2 |
|
6.1.0
|
6.0.0.11 |
|
6.2.0
|
6.0.0.11 |
|
6.2.1
|
6.0.0.11 |
|
6.2.2
|
6.0.0.23 |
|
6.2.3
|
6.0.0.23 |
|
6.2.4
|
6.0.0.23 |
|
6.2.5
|
6.0.0.23 |
|
6.2.6
|
6.0.2.39 – 6.1.0.29 |
|
6.2.7
|
6.0.2.39 – 6.1.0.29 |
Maximo Base Services 7.1.1.0 through 7.1.1.8
|
Maximo Release
|
IBM WebSphere / IBM HTTP Server version
|
|---|---|
|
7.1.1.0
|
6.1.0.17 – 6.1.0.19 |
|
7.1.1.1
|
6.1.0.17 – 6.1.0.19 |
|
7.1.1.2
|
6.1.0.17 – 6.1.0.19 |
|
7.1.1.3
|
6.1.0.17 – 6.1.0.19 |
|
7.1.1.4
|
6.1.0.17 – 6.1.0.19 |
|
7.1.1.5
|
6.1.0.23 |
|
7.1.1.6
|
6.1.0.23 – 6.1.0.31 |
|
7.1.1.7
|
6.1.0.23 – 6.1.0.33 |
Maximo Base Services 7.50
|
Maximo Release
|
IBM WebSphere / IBM HTTP Server version
|
|---|---|
|
7.5.0
|
7.0.0.15 |
[{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSKTXT","label":"Tivoli Change and Configuration Management Database"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"7.2.1"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLKT6","label":"IBM Maximo Asset Management"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"7.2.1;7.5"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSLKTY","label":"Maximo Asset Management for IT"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"}],"Version":"7.2;7.2.1;7.2.2"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS6HJK","label":"Tivoli Service Request Manager"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"","label":"Windows 2003 server"},{"code":"","label":"Windows 2008 server"}],"Version":"7.2;7.2.1"}]
Was this topic helpful?
Document Information
Modified date:
25 September 2022
UID
swg21515311