Potential Security Exposure: IBM WebSphere Commerce using Tivoli Directory Server

Technote (troubleshooting)


Problem(Abstract)

There is a potential security exposure in Tivoli Directory Server (TDS) that could affect WebSphere Commerce users.

A malicious LDAP request might cause a buffer overrun in the server, potentially allowing a remote attacker to execute arbitrary code within Tivoli Directory Server's server process. Authentication is
not required to exploit this vulnerability. The vulnerability could affect WebSphere Commerce V6.0 or V7.0 environments using TDS V5.x and V6.x for LDAP.

Resolving the problem

WebSphere Commerce environments using Tivoli Directory Server V5.x or V6.x for LDAP might be vulnerable.

The following versions are at risk:

WebSphere Commerce V6.0 which supports the use of TDS V5.1, V5.2, V6.0, and V6.1.

WebSphere Commerce V7.0 which supports the use of TDS V6.0, V6.1, and V6.2.

For full details on the problem and the available solutions, see the following Tivoli Directory Server document:

Security Vulnerability - CVE-2011-1206 - TDS Remote Code Execution


Related information

Security Vulnerability - CVE-2011-1206

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere Commerce Enterprise
Security

Software version:

6.0, 7.0

Operating system(s):

AIX, Linux, Solaris, Windows, i5/OS

Software edition:

All Editions

Reference #:

1496972

Modified date:

2012-12-11

Translate my page

Machine Translation

Content navigation