Multiple vulnerabilities in Apache HTTPD can cause denial of service and allow a remote attacker to bypass security restrictions and obtain sensitive information in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On.
A Vulnerability in the Memcached library used by the IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could permit a denial of service attack.
A Vulnerability in the OpenSSL library used by the IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could permit a a remote attacker to obtain sensitive information.
CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a specially crafted Content-Type response header, a remote attacker could exploit this vulnerability to read one byte past the end of a buffer.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127420> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2017-7668 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by a buffer overread in the ap_find_token() function. By sending a specially crafted sequence of request headers, a remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127419> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-3169 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by a NULL pointer dereference in mod_ssl. By sending a specially crafted HTTP request to an HTTPS port, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127417> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-9951 DESCRIPTION: Memcached is vulnerable to a denial of service, caused by a heap-based buffer over-read in the try_read_command function. By sending a request to add/set a key, a remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/128607> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-3735 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On 16.1.01.
Product
|
VRMF
|
Remediation/First Fix
—|—|—
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On
|
16.1.01
|
<https://www-945.ibm.com/support/fixcentral>
To download hybrid installer, one need to go to identify fixes page of fix central & in ‘Individual fix IDs’ field need to enter value in format 'FixID:AccessKey" where FixID is 9.0.2.5359_TLTransport_MSI_Hybrid and access key will vary for each customer. An unique access key for each applicable customer can be generated on demand.
Access to local networks containing networked Tealeaf servers should be limited to avoid unauthorized access to or disruption of Tealeaf services.
Access to PCA systems should be limited as much as possible