IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-7674, CVE-2017-7675)

Apache Tomcat could provide weaker than expected security, caused by the failure to add an HTTP Vary header (CVE-2017-7674). Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a flaw in the HTTP/2 implementation (CVE-2017-7675).

CVE(s): CVE-2017-7674, CVE-2017-7675

Affected product(s) and affected version(s):

IBM Algo One – Algo Risk Application v4.9.1.0, 4.9.1.1, 5.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hB23JW
X-Force Database: http://ift.tt/2yKilHk
X-Force Database: http://ift.tt/2gAbb1z

Originally posted on the IBM PSIRT Blog, from IBM Product Security Incident Response Team: http://ift.tt/2zQiYTl