Fixes are available
APAR status
Closed as program error.
Error description
Error description: Node.js is susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js.
Local fix
Problem summary
IBM DataPower Gateways has addressed a possible Denial of Service vulnerability in Node.js (CVE-2017-11499)
Problem conclusion
Fix is available in versions 7.0.0.20, 7.1.0.19, and 7.2.0.16. For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Temporary fix
Comments
APAR Information
APAR number
IT22120
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
760
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-08-23
Closed date
2017-09-20
Last modified date
2017-09-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
R700 PSY
UP
R710 PSY
UP
R720 PSY
UP
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateways"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"760"}]
Document Information
Modified date:
27 September 2021