Flash (Alert)
Abstract
Potential Denial of Service (DoS) security exposure when using IBM Rational Build Forge or IBM Rational Automation Framework (RAF), or both Build Forge and RAF, due to a Java HashTable implementation vulnerability.
Content
PROBLEM DESCRIPTION:
Customers who are running Rational Build Forge and/or Rational Automation Framework are vulnerable to a potential performance degradation or Denial of Service (DoS) issue.
USERS AFFECTED:
All users of Rational Build Forge and Rational Automation Framework.
RECOMMENDATION:
For customers using the Apache Tomcat Java Application Server provided by IBM, please refer to the following technotes, and follow the sections for upgrading your Tomcat install.
If you are running Rational Build Forge 7.0.2.7, 7.1.2.2.1, or 7.1.3.0, or older releases in those streams, follow the directions directly.
If you are running Rational Build Forge 7.1.3.1 or 7.1.2.3, install Tomcat version 7.0.23 (or later) instead of the noted 5.5.x as outlined in the note. The instructions are otherwise the same.
Attempting to use Tomcat 7.0.x with Rational Build Forge installs that shipped with Tomcat 5.5.9 will result in a non-functional install.
- For UNIX/Linux customers, technote 1499971: Upgrading Apache, Tomcat and PHP layers as shipped with Rational Build Forge for Linux and UNIX systems
- For Windows customers, technote 1497950: How to upgrade the Apache, Tomcat and PHP layers as shipped with Rational Build Forge for Windows
More information about the vulnerability in Tomcat:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
For customers using the IBM WebSphere Application Server, refer to the following document for more information about the APAR: 4031821 - PM53930: Collisions in HashTable May Cause DoS Vulnerability
Related information
A Japanese translation is available
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Software Development | Rational Automation Framework | | AIX, Linux, Solaris, Windows | 3.0, 3.0.0.1 | |