IBM Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerability (CVE-2016-5933)

A vulnerability has been resolved in the Basic Services component of IBM Tivoli Monitoring. The Firewall (Proxy) Gateway was vulnerable to a possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass.

CVE(s): CVE-2016-5933

Affected product(s) and affected version(s):

IBM Tivoli Monitoring version 6.2.2 through 6.2.2 Fix Pack 9

IBM Tivoli Monitoring version 6.2.3 through 6.2.3 Fix Pack 5

IBM Tivoli Monitoring version 6.3.0 through 6.3.0 Fix Pack 7

This issue could apply to any component if and only if the firewall gateway feature is activated. By default, the firewall gateway feature is not activated, and typically it should only be activated on an endpoint (Agent only) system.

For details on the firewall gateway feature, see: http://ift.tt/2mB4PmI

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2meCro4
X-Force Database: http://ift.tt/2mBd3eJ

The post IBM Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerability (CVE-2016-5933) appeared first on IBM PSIRT Blog.


