IBM Security Bulletin: IBM Development Package for Apache Spark is affected by an Eclipse Jetty vulnerability

IBM Development Package for Apache Spark addresses the following vulnerability by updating the affected component. The primary role of Jetty within Apache Spark is to serve the Web UI over HTTP, or optionally over HTTPS. The HTTPS channel is encrypted using a server-side keystore, which should be protected with a password. The Jetty vulnerability lies in an algorithm that makes a brute-force attack against this password tractable.
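CVE-2017-9735 is publicly described as a timing channel in Jetty's password comparison. The sketch below is an added example, not code from IBM, Spark or Jetty: it contrasts an early-exit comparison with a hardened one, using a hypothetical class, hypothetical method names and a constructed secret, and counts characters examined so the leak shows up without timing noise.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Requires Java 11+ (String.repeat). All names here are hypothetical.
public class PasswordCompareDemo {
    // Constructed sample secret for the demo; not a real credential.
    static final String STORED = "s3cr3t-keystore-pw";

    // Deterministic stand-in for elapsed time: characters examined by the last call.
    static int charsExamined;

    // Weak form: returns at the first mismatch, so the work done grows with
    // the number of leading characters the guess has right.
    static boolean earlyExitEquals(String stored, String guess) {
        charsExamined = 0;
        if (stored.length() != guess.length()) return false;
        for (int i = 0; i < stored.length(); i++) {
            charsExamined++;
            if (stored.charAt(i) != guess.charAt(i)) return false;
        }
        return true;
    }

    // Hardened form: hash both values to a fixed length, then compare with
    // MessageDigest.isEqual, which does not stop at the first differing byte.
    static boolean constantTimeEquals(String stored, String guess) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] a = md.digest(stored.getBytes(StandardCharsets.UTF_8));
        byte[] b = md.digest(guess.getBytes(StandardCharsets.UTF_8));
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) throws Exception {
        // Guesses of the right length with 0, 3, 10 and all characters correct.
        int[] correctPrefix = {0, 3, 10, STORED.length()};
        for (int n : correctPrefix) {
            // '#' does not occur in STORED, so every padded position mismatches.
            String guess = STORED.substring(0, n) + "#".repeat(STORED.length() - n);
            boolean weak = earlyExitEquals(STORED, guess);
            boolean hardened = constantTimeEquals(STORED, guess);
            System.out.printf("correctPrefix=%2d earlyExit=%-5b charsExamined=%2d hardened=%b%n",
                    n, weak, charsExamined, hardened);
        }
    }
}
```

The early-exit count rises with each additional correct leading character, which is the signal that reduces the search to one position at a time; the hardened form does the same work for every guess.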

CVE(s): CVE-2017-9735

Affected product(s) and affected version(s):

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2uyXi7K
X-Force Database: http://ift.tt/2uivKbI

The post IBM Security Bulletin: IBM Development Package for Apache Spark is affected by an Eclipse Jetty vulnerability appeared first on IBM PSIRT Blog.

| Affected IBM Development Package for Apache Spark | Affected Versions |
| --- | --- |
| IBM Development Package for Apache Spark v2.x | Version 2.0.0.0 – 2.1.1.0 |
| IBM Development Package for Apache Spark v1.x | All versions |


from IBM Product Security Incident Response Team http://ift.tt/2uzCkG4