Home Unlabelled IBM Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772 CVE-2016-5699 CVE-2016-1000110)

IBM Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772 CVE-2016-5699 CVE-2016-1000110)

By
Tuesday, December 27, 2016
Read
Add Comment

IBM SmartCloud Entry is vulnerable to Python vulnerabilities. Attackers could exploit these vulnerabilities to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer, inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking, or redirect outbound HTTP traffic to arbitrary proxy server. This is also known as the “HTTPOXY” vulnerability.

CVE(s): CVE-2016-0772, CVE-2016-5699, CVE-2016-1000110

Affected product(s) and affected version(s):

IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 7
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2i3wCJN
X-Force Database: http://ift.tt/2dv9ofZ
X-Force Database: http://ift.tt/2dNq4KV
X-Force Database: http://ift.tt/2dv8GPN



from IBM Product Security Incident Response Team http://ift.tt/2i3m9hK
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us