IBM Security Bulletin: API Connect is affected by a Node.js denial of service vulnerability (CVE-2017-14919)

IBM API Connect has addressed the following vulnerability. Node.js is vulnerable to a denial of service, caused by an uncaught exception flaw in the zlib module. Because 8 was made an invalid value for the windowBits parameter, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE(s): CVE-2017-14919
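
A defensive sketch of handling the windowBits condition described above, added here as an example and not taken from IBM's or the Node.js project's code. The helper names normalizeWindowBits and safeDeflateRaw, the choice to upgrade 8 to 9, and the sample inputs are assumptions made for illustration.

```javascript
'use strict';
// Added example: validate a caller-influenced windowBits value and keep any
// zlib exception from escaping and terminating the process.
const zlib = require('zlib');

// Range this helper accepts for raw deflate. 8 is the value the bulletin
// describes as having become invalid.
const MIN_WINDOW_BITS = 9;
const MAX_WINDOW_BITS = 15;

// Hypothetical helper: returns a usable windowBits value, or null when the
// input should be rejected before it ever reaches zlib.
function normalizeWindowBits(value) {
  if (!Number.isInteger(value)) return null;   // strings, NaN, floats
  if (value === 8) return MIN_WINDOW_BITS;     // upgrade instead of throwing
  if (value < MIN_WINDOW_BITS || value > MAX_WINDOW_BITS) return null;
  return value;
}

// Hypothetical helper: compress and report failure as a value, never a throw.
function safeDeflateRaw(input, requestedWindowBits) {
  const windowBits = normalizeWindowBits(requestedWindowBits);
  if (windowBits === null) {
    return { ok: false, error: 'windowBits rejected: ' + String(requestedWindowBits) };
  }
  try {
    const data = zlib.deflateRawSync(Buffer.from(input), { windowBits });
    return { ok: true, windowBits, data };
  } catch (err) {
    // Any remaining zlib error becomes a handled failure, not a crash.
    return { ok: false, error: err.message };
  }
}

// Constructed sample inputs, including the value named in the bulletin.
for (const bits of [8, 15, 99, '8']) {
  const r = safeDeflateRaw('constructed sample payload', bits);
  console.log(bits, r.ok ? 'ok, windowBits=' + r.windowBits : r.error);
}
```

Validation of this kind is a stopgap for code that cannot be upgraded immediately; the remediation the bulletin points to remains the fix.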

Affected product(s) and affected version(s):

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013168
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134286

The post IBM Security Bulletin: API Connect is affected by a Node.js denial of service vulnerability (CVE-2017-14919) appeared first on IBM PSIRT Blog.

Affected API Connect    Affected Versions
IBM API Connect         5.0.0.0-5.0.6.4
IBM API Connect         5.0.7.0-5.0.7.2
IBM API Connect         5.0.8.0-5.0.8.1

