Flash (Alert)
Abstract
The InfoSphere BigInsights web console uses IBM's WebSphere Application Server Community Edition and is therefore susceptible to a denial of service vulnerability.
Content
A denial of service vulnerability was discovered in the Apache Tomcat web container embedded in WebSphere Application Server Community Edition, which is part of InfoSphere BigInsights. A specially crafted request with many parameters, sent to a web endpoint, can cause a denial of service.
Follow the instructions below to apply a fix for your version of WebSphere Application Server Community Edition:
1. Users of WebSphere Application Server Community Edition v3.0.0.0: apply the fix by following the "A Tomcat fix for WAS Community Edition v3.0.0.0" article.
2. Users of WebSphere Application Server Community Edition v2.1.x.x: upgrade WebSphere Application Server Community Edition to version 2.1.1.6. See the download URL in the Related information section.
3. Users of WebSphere Application Server Community Edition v1.1.x.x with an extended support contract: contact IBM Support to request the patch.
This issue is fixed in versions 1.4.0.1 and 1.3.0.2 of BigInsights.
Related information
tomcat fix for WAS Community Edition v3.0.0.0
WAS Community Edition v2.1.1.6 Download URL
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.