Vulnerability Detected: 170.23.146.40:443 - OpenSSL Overflow Via Invalid Certificate Passing

Technote (troubleshooting)


Problem(Abstract)

In IBM® Rational® RequisitePro® RequisiteWeb a buffer overflow occurs when the server is sent more data than the application can handle. When this occurs, an application can behave in unintended ways, giving remote users control of a device and/or application, or causing a denial of service.

Cause

This issue is caused by a defect that exists with OpenSSL which has been resolved in IBM Rational RequisitePro RequisiteWeb version 7.0.

Resolving the problem

RequisitePro version 7.0 no longer uses OpenSSL instead the Rational Web Platform (RWP) will be using IBMSSL.

If you have existing certificate key files and you want to import them into the new RWP IBM Key Management (CMS format) data store, you must follow the steps documented in the "Converting Open SSL certificates to IBM SSL" section of Appendix A in the Rational RequistePro Installation and Upgrade guide.

For additional information regarding OpenSSL, please refer to the following link: http://www.openssl.org/news/secadv_20030930.txt


Documentation for the version 7.0 Publication #
IBM Rational RequisitePro Installation and Upgrade Guide, 7.0, Windows GI11-6381-00
IBM Rational RequisitePro Release Notes, 7.0, Windows GI11-6382-00



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Rational RequisitePro
RequisiteWeb

Software version:

7.0, 2003.06.00, 2003.06.01, 2003.06.10, 2003.06.12, 2003.06.13, 2003.06.14, 2003.06.15

Operating system(s):

Windows

Reference #:

1247112

Modified date:

2006-10-03

Translate my page

Machine Translation

Content navigation