Potential Denial of Service (DoS) security exposure when using IBM Rational Build Forge or IBM Rational Automation Framework (RAF), or both Build Forge and RAF, due to a Java HashTable implementation vulnerability.
Customers who are running Rational Build Forge and/or Rational Automation Framework are vulnerable to a potential performance degradation or Denial of Service (DoS) issue.
All users of Rational Build Forge and Rational Automation Framework.
For customers using the Apache Tomcat Java Application Server provided by IBM, please refer to the following technotes, and follow the sections for upgrading your Tomcat install.
If you are running Rational Build Forge 220.127.116.11, 18.104.22.168.1, or 22.214.171.124, or older releases in those streams, follow the directions in the technote as written.
If you are running Rational Build Forge 126.96.36.199 or 188.8.131.52, install Tomcat version 7.0.23 (or later) instead of the noted 5.5.x as outlined in the note. The instructions are otherwise the same.
Attempting to use Tomcat 7.0.x with Rational Build Forge installs that shipped with Tomcat 5.5.9 will result in a non-functional install.
- For UNIX/Linux customers, technote 1499971: Upgrading Apache, Tomcat and PHP layers as shipped with Rational Build Forge for Linux and UNIX systems
- For Windows customers, technote 1497950: How to upgrade the Apache, Tomcat and PHP layers as shipped with Rational Build Forge for Windows
More information about the vulnerability in Tomcat:
For customers using the IBM WebSphere Application Server, refer to the following document for more information about the APAR: 4031821 - PM53930: Collisions in HashTable May Cause DoS Vulnerability
| Software Development | Rational Automation Framework | AIX, Linux, Solaris, Windows | 3.0, 184.108.40.206 |