IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling External Authentication Server

Jan 15, 2019 9:00 am EST

Categorized: Medium Severity

Share this post:

Three Eclipse Jetty request smuggling vulnerabilities were addressed by IBM Sterling External Authentication Server.

CVE(s): CVE-2017-7656, CVE-2017-7657, CVE-2017-7658

Affected product(s) and affected version(s):

IBM Sterling External Authentication Server 2.4.3 through 2.4.3.2 iFix 2

IBM Sterling External Authentication Server 2.4.2 through 2.4.2 iFix 11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10792117
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145520
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145521
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145522

from IBM Product Security Incident Response Team https://ibm.co/2HeEeay