IBM Check out the new support experience beta

There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server.

CVE(s): CVE-2016-2923, CVE-2016-2945, CVE-2016-0359

Affected product(s) and affected version(s):

This vulnerability affects all versions of Liberty for Java in IBM Bluemix up to and including v2.9.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/28YBTM1
X-Force Database: http://ift.tt/28XWbJc
X-Force Database:
X-Force Database: http://ift.tt/28YBUiZ



from IBM Product Security Incident Response Team http://ift.tt/28YC8GX