IT18793: A VULNERABILITY IN SSL/TLS PROTOCOL IN IBM DATAPOWER GATEWAYS (CVE-2016-8610)
Fixes are available
Fix packs for DataPower Service Gateway version 7.0
Fix packs for DataPower B2B Appliance version 7.0
Fix packs for DataPower Integration Appliance version 7.0
Fix packs for DataPower Gateway version 7.1
Fix packs for DataPower Gateway version 7.2
Fix packs for DataPower Gateway version 7.5
Fix packs for DataPower Gateway version 7.5.1
Fix packs for DataPower Gateway version 7.5.2
Closed as program error.
Possible denial of service, caused by an error when processing ALERT packets during a SSL handshake. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to consume all available memory resources (CVE-2016-8610).
SSL vulnerabilities disclosed on December 13th, 2016 include CVE-2016-8610. IBM DataPower Gateways releases 7.0.0.x up to 7.5.2.x are affected by this CVE. SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake (CVE-2016-8610).
Fixes are available in 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199 and 188.8.131.52 For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Reported component name
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels