Home Unlabelled IBM Security Bulletin: Vulnerability in legacy component distributed in IBM Development Package for Apache Spark (CVE-2012-5783)

IBM Security Bulletin: Vulnerability in legacy component distributed in IBM Development Package for Apache Spark (CVE-2012-5783)

By
Thursday, September 08, 2016
Read
Add Comment

The Jakarta Commons httpclient version 3.x is known to be vulnerable to SSL spoofing, and is included in the IBM Development Package for Apache Spark, primarily to provide legacy support for Hadoop 2.2. A patch is applied to Jakarta Commons httpclient version 3.1 to fix the vulnerability. Note: the IBM Development Package for Apache Spark version 1.x provides support for Hadoop 2.6, which does not exercise this vulnerability. The IBM Development Package for Apache Spark version 2.x provides support for Hadoop 2.7.x, which also does not exercise this vulnerability.

CVE(s): CVE-2012-5783

Affected product(s) and affected version(s):

IBM Development Package for Apache Spark 1.6.2.0 and earlier releases.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2bViwn3
X-Force Database: http://ift.tt/2bWzfeC



from IBM Product Security Incident Response Team http://ift.tt/2bViVGd
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us