Denial of service vulnerability in the Web Console of Infosphere BigInsights

Flash (Alert)


Abstract

Infosphere BigInsights web console uses IBM's WebSphere Application Server Community Edition, and therefore is susceptible to a Denial of Service vulnerability.










Content

A denial of service vulnerability was discovered in the Apache Tomcat web container embedded in WebSphere Application Server Community Edition, which is part of InfoSphere BigInsights. A specially crafted request with many parameters sent to a web endpoint can cause the denial of service.

Follow the instructions below to apply a fix for your version of WebSphere Application Server Community Edition:

1. For the users of WebSphere Application Server Community Edition v3.0.0.0, apply the fix by following the "A Tomcat fix for WAS Community Edition v3.0.0.0" article.
2. For the users of WebSphere Application Server Community Edition v2.1.x.x, upgrade WebSphere Application Server Community Edition to version 2.1.1.6. Please refer to the download URL in the Related Information section.
3. For the users of WebSphere Application Server Community Edition v1.1.x.x with extended support contract, please contact IBM Support to require the patch.

This issue is fixed in Versions 1.4.0.1 and 1.3.0.2 of BigInsights.

Related information

tomcat fix for WAS Community Edition v3.0.0.0
WAS Community Edition v2.1.1.6 Download URL

Rate this page:

(0 users)Average rating

Document information


More support for:

InfoSphere BigInsights
Web Console

Software version:

1.1.0, 1.2.0, 1.3.0, 1.4.0

Operating system(s):

Linux Red Hat - xSeries, Linux SUSE - xSeries

Software edition:

Basic Edition, Enterprise Edition

Reference #:

1596904

Modified date:

2012-08-31

Translate my page

Machine Translation

Content navigation