Vulnerability Detected: 184.108.40.206:443 - OpenSSL Overflow Via Invalid Certificate Passing
In IBM® Rational® RequisitePro® RequisiteWeb, a buffer overflow occurs when the server is sent more data than the application can handle. When this occurs, an application can behave in unintended ways, giving remote users control of a device and/or application, or causing a denial of service.
This issue is caused by a defect in OpenSSL, which has been resolved in IBM Rational RequisitePro RequisiteWeb version 7.0.
Resolving the problem
RequisitePro version 7.0 no longer uses OpenSSL; instead, the Rational Web Platform (RWP) uses IBMSSL.
If you have existing certificate key files and you want to import them into the new RWP IBM Key Management (CMS format) data store, you must follow the steps documented in the "Converting Open SSL certificates to IBM SSL" section of Appendix A in the Rational RequisitePro Installation and Upgrade Guide.
For additional information regarding OpenSSL, please refer to the following link: http://www.openssl.org/news/secadv_20030930.txt
| Documentation for version 7.0 | Publication # |
|---|---|
| IBM Rational RequisitePro Installation and Upgrade Guide, 7.0, Windows | GI11-6381-00 |
| IBM Rational RequisitePro Release Notes, 7.0, Windows | GI11-6382-00 |
Software version: 7.0, 2003.06.00, 2003.06.01, 2003.06.10, 2003.06.12, 2003.06.13, 2003.06.14, 2003.06.15
Operating system(s): Windows
Reference #: 1247112
Modified date: 03 October 2006