TIP/eWAS fix for Apache Ant DoS Vulnerability CVE-2012-2098

Question & Answer

Question

When will the fix for Apache Ant DoS Vulnerability CVE-2012-2098 be available in WebSphere and Tivoli Integrated Portal?

Cause

The bzip2 compressing streams in Apache Ant internally use sorting
algorithms with unacceptable worst-case performance on very repetitive
inputs. A specially crafted input to Ants' <bzip2> task can be used to
make the process spend a very long time while using up all available
processing time effectively leading to a denial of service.

Answer

Vulnerability CVE-2012-2098 will be fixed in WebSphere 7.0.0 FP 31.

[{"Product":{"code":"SSRLR8","label":"Tivoli Components"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Tivoli Integrated Portal (TIP)","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.1;2.1;2.2","Edition":"","Line of Business":{"code":"","label":""}}]

Tips

TIP/eWAS fix for Apache Ant DoS Vulnerability CVE-2012-2098

Question & Answer

Question

Cause

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?