IT01111: SECURITY CVE-2014-0852 SSL/TLS SIDE CHANNEL DECRYPTION VULNERABILITY
Fixes are available
Fix packs for DataPower B2B Appliance version 6.0
Fix packs for DataPower Integration Appliance version 6.0
Fix packs for DataPower Service Gateway version 6.0
Fix packs for DataPower Service Gateway version 6.0.1
Fix packs for DataPower B2B Appliance version 6.0.1
Fix packs for DataPower Integration Appliance version 6.0.1
Closed as program error.
Using side-channel, timing-based analysis, it might be possible to decrypt the secret SSL/TLS session key of a sniffed session of a DataPower device.
DataPower appliances might be subject to side-channel, timing-based attacks resulting in the decryption of an SSL/TLS-secured transaction. This can only occur if the attacker is on the same LAN as the DataPower device. The attacker has to send several million requests to DataPower and monitor the responses.
Fix is available in 126.96.36.199, 188.8.131.52, and 184.108.40.206. For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631