Question & Answer
Question
When will the fix for Apache Ant DoS Vulnerability CVE-2012-2098 be available in WebSphere and Tivoli Integrated Portal?
Cause
The bzip2 compressing streams in Apache Ant internally use sorting
algorithms with unacceptable worst-case performance on very repetitive
inputs. A specially crafted input to Ants' <bzip2> task can be used to
make the process spend a very long time while using up all available
processing time effectively leading to a denial of service.
Answer
Vulnerability CVE-2012-2098 will be fixed in WebSphere 7.0.0 FP 31.
[{"Product":{"code":"SSRLR8","label":"Tivoli Components"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Tivoli Integrated Portal (TIP)","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.1;2.1;2.2","Edition":"","Line of Business":{"code":"","label":""}}]
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21639723