Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. OpenSource Apache Tomcat is used by IBM Algorithmics Counterparty Credit Risk
CVEID: CVE-2015-5345**
DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110857> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2015-5346**
DESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user’s session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user’s account and possibly launch further attacks on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110854> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
Algo One Versions 5.0.0 through 5.1.0
Patch Number
| Download URL
—|—
Algo One Core 510-071| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.1-Algo-OneIMCR-RHEL-gf0001:0&includeSupersedes=0&source=fc&login=true
Algo One Core 500-311| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-Algo-OneCCR-gf0005:0&includeSupersedes=0&source=fc&login=true