Potential Denial of Service (Dos) security exposure when using IBM Rational Build Forge or IBM Rational Automation Framework (RAF), or both Build Forge and RAF, due to JavaHashTable implementation vulnerability.
Customers who are running Rational Build Forge and/or Rational Automation Framework are vulnerable to a potential performance degradation or Denial of Service (DoS) issue.
All users of Rational Build Forge and Rational Automation Framework.
For customers using the Apache Tomcat Java Application Server provided by IBM, please refer to the following technotes, and follow the sections for upgrading your Tomcat install.
If you are running Rational Build Forge 22.214.171.124, 126.96.36.199.1, or 188.8.131.52, or older releases in those streams, follow the directions directly.
If you are running Rational Build Forge 184.108.40.206 or 220.127.116.11, install Tomcat version 7.0.23 (or later) instead of the noted 5.5.x as outlined in the note. The instructions are otherwise the same.
Attempting to use Tomcat 7.0.x with Rational Build Forge installs that shipped with Tomcat 5.5.9 will result in a non-functional install.
- For UNIX/Linux customers, technote 1499971: Upgrading Apache, Tomcat and PHP layers as shipped with Rational Build Forge for Linux and UNIX systems
- For Windows customers, technote 1497950: How to upgrade the Apache, Tomcat and PHP layers as shipped with Rational Build Forge for Windows
More information about the vulnerability in Tomcat:
For customers using the IBM WebSphere Application Server, refer the following document for more information about the APAR: 4031821 - PM53930: Collisions in HashTable May Cause DoS Vulnerability
|Software Development||Rational Automation Framework||AIX, Linux, Solaris, Windows||3.0, 18.104.22.168|
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.