OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL project. OpenSSL is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs.
CVEID: CVE-2016-2842
**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to verify that a certain memory allocation succeeds by the doapr_outch function. A remote attacker could exploit this vulnerability using a specially crafted string to cause an out-of-bounds write or consume an overly large amount of resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111304 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
IBM Rational Application Developer for WebSphere Software v9.1 and v9.5
Update the IBM SDK for Node.js using by the Cordova platform in the product to address this vulnerability:
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
Rational Application Developer | 9.1.x and 9.5.x | PI59473 |
Installation instructions for applying the update to the Cordova platform in the product can be found here: