Java Security Vulnerability Alert (parseDouble vulnerability) - Information for Tivoli Netview 7.1.5.

Flash (Alert)


Abstract

A security vulnerability has been identified in the Java that is being shipped in the NetView products. The steps to remediate this issue are identified in this flash.

Content

This affects all shipped versions of NetView 7.1.5 at all support levels. To remediate this issue go to the following website:

http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html

Got to the Patch availability section and download the jar file for the appropriate SDK/JRE level and platform. Place that file in a temporary directory (for example, java_fix_tempdir).

Go to the Verification section and download the ParseDoubleTest.jar file. It will be used to verify the existence of the vulnerability. Place the file in the same in temporary directory (i.e. java_fix_tempdir).

Download the IBM Update Installer (the link for it is provided within the same Patch availability section in the above URL). Unzip IBM Update Installer (to the java_fix_tempdir) and run the following command:
java -jar JavaUpdateInstaller.jar -install [patch JAR file] [JAVA_HOME of target JDK]

For example on Unix:
java -jar JavaUpdateInstaller.jar -install \java_fix_tempdir\PM31983_FIX_1.jar \usr\OV
Client-side JRE Requirements:
In addition to the above changes, users who run Tivoli NetView webconsole to access the Tivoli NetView Sever should also follow the above link to update the local WebConsole install.

Related information

IBM Related Fix: PM31983_FIX_1.jar

Rate this page:

(0 users)Average rating

Document information


More support for:

Tivoli NetView

Software version:

7.1.5

Operating system(s):

AIX, Linux, Solaris, Windows

Reference #:

1468987

Modified date:

2011-02-22

Translate my page

Machine Translation

Content navigation