IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling Secure Proxy

Three Jetty request smuggling vulnerabilities and an Apache ActiveMQ man-in-the-middle vulnerability were addressed by IBM Sterling Secure Proxy.

CVE(s): CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-11775

Affected product(s) and affected version(s):

IBM Sterling Secure Proxy 3.4.3 through 3.4.3.2 iFix 2

IBM Sterling Secure Proxy 3.4.2 through 3.4.2 iFix 15

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10792111
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145520
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145521
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145522
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/149705

The post IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling Secure Proxy appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2LWgV44