Flash (Alert)
Abstract
For some IBM Rational Software products, including IBM Rational DOORS Web Access (DWA), there is a potential Denial of Service (DoS) security exposure when using Web-based applications hosted on Apache Tomcat, due to a vulnerability in the Java HashTable implementation.
Content
DOORS Web Access is deployed on Apache Tomcat 6.0.32 or earlier and is therefore impacted by this vulnerability, which can cause performance or Denial of Service (DoS) issues.
You are advised to update to version 6.0.35 to protect against this vulnerability. The download can be found here: http://tomcat.apache.org/download-60.cgi#6.0.35
Instructions for updating the bundled Tomcat server can be found here:
1580689: How to upgrade Tomcat bundled with the IBM Rational DOORS Web Access server
Reference: CVE-2011-4858: Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
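The following version check is an added example, not IBM or Apache code. It applies the affected ranges quoted in the CVE-2011-4858 reference above to a Tomcat version string. It assumes the string has the form printed by Tomcat's version script ("Apache Tomcat/x.y.z"); the host names in the sample inventory are constructed.

```python
import re

# First fixed release per branch, from the CVE-2011-4858 text quoted above.
FIXED = {5: (5, 5, 35), 6: (6, 0, 35), 7: (7, 0, 23)}


def parse_version(text):
    """Extract (major, minor, patch) as integers from e.g. 'Apache Tomcat/6.0.32'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """True if the version falls in a range the CVE text lists as affected."""
    version = parse_version(text)
    major = version[0]
    if major < 5:
        return True  # "before 5.5.35" also covers older major versions
    if major in FIXED:
        # Integer tuples compare numerically, so 6.0.4 sorts before 6.0.35.
        # A plain string comparison would get that case wrong.
        return version < FIXED[major]
    return False  # branches the CVE text does not list


def audit(inventory):
    """Return the sorted names of hosts whose Tomcat needs the upgrade."""
    return sorted(host for host, banner in inventory.items() if is_affected(banner))


# Constructed sample inventory: host name -> reported server version string.
SAMPLE = {
    "dwa-prod": "Server version: Apache Tomcat/6.0.32",
    "dwa-test": "Server version: Apache Tomcat/6.0.35",
    "dwa-old": "Server version: Apache Tomcat/6.0.4",
    "reports": "Server version: Apache Tomcat/7.0.22",
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: upgrade bundled Tomcat ({SAMPLE[host]})")
```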
Related information
A Japanese translation is available