IBM Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products.
Apr 18, 2017 10:00 am EDT
Categorized: Medium Severity
Multiple browsers could allow a remote attacker to obtain sensitive information because the HTTPS and HTTP/2 protocols fail to account for the TCP congestion window revealing information about content length. If a victim visits a website controlled by a malicious party, the attacker could exploit this vulnerability to obtain e-mail addresses, social security numbers, and other small pieces of encrypted data. Note: This vulnerability is also known as the HEIST attack.
CVE(s): CVE-2016-7152, CVE-2016-7153
Affected product(s) and affected version(s):
IBM Application Performance Management 8.1.3
IBM Application Performance Management Advanced 8.1.3
IBM Cloud Application Performance Management
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2opdh5i
X-Force Database: http://ift.tt/2nZhTnt
X-Force Database: http://ift.tt/2ooVueK
from IBM Product Security Incident Response Team http://ift.tt/2nZ1e3u