IBM Security Bulletin: Vulnerability in legacy component distributed in IBM Development Package for Apache Spark (CVE-2012-5783)

The Jakarta Commons httpclient version 3.x is known to be vulnerable to SSL spoofing, and is included in the IBM Development Package for Apache Spark, primarily to provide legacy support for Hadoop 2.2. A patch is applied to Jakarta Commons httpclient version 3.1 to fix the vulnerability. Note: the IBM Development Package for Apache Spark version 1.x provides support for Hadoop 2.6, which does not exercise this vulnerability. The IBM Development Package for Apache Spark version 2.x provides support for Hadoop 2.7.x, which also does not exercise this vulnerability.

CVE(s): CVE-2012-5783

Affected product(s) and affected version(s):

IBM Development Package for Apache Spark 1.6.2.0 and earlier releases.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2bViwn3
X-Force Database: http://ift.tt/2bWzfeC



from IBM Product Security Incident Response Team http://ift.tt/2bViVGd