Flash:
There are multiple security vulnerabilities identified in the IBM Java Runtime Environment component of IBM Rational Performance Tester. Patches for these vulnerabilities are available in IBM JRE 7 (SR4).
VULNERABILITY DETAILS
CVID: CVE-2013-0440
Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE.
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81799
CVID: CVE-2013-0443 – Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81801
[sociallocker][/sociallocker]
CVID: CVE-2013-0169 – The TLS protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, also known as the “Lucky Thirteen” issue.
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81902
Operating system(s):
AIX, Linux, Windows
AFFECTED PLATFORMS:
IBM JRE provided by Rational Performance Tester versions earlier than 8.3.0.3 on all platforms.
Please to upgrade to Rational Performance Tester Version 8.3.0.3. Rational Performance Tester Version 8.3.0.3 provides IBM JRE 7 SR4 that fixes these issues.
Apply Fix Pack 8.3.0.3.
For more details, please visit:
- Complete CVSS Guide (http://www.first.org/cvss/cvss-guide.html)
- On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)
- CVE-2013-0440 – http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
- X-ForceVulnerability Database – 81799 (http://xforce.iss.net/xforce/xfdb/81799)
- CVE-2013-0443 – http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
- X-ForceVulnerability Database – 81801 (http://xforce.iss.net/xforce/xfdb/81801)
- CVE-2013-0169 – http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
- X-ForceVulnerability Database – 81902 (http://xforce.iss.net/xforce/xfdb/81902)
Document Information
Thanks for visiting QAInsights! Check out our new portal Testifications.com to get updates on Software Testing related certifications. We’re always posting interesting articles on QAInsights. I request you to subscribe so you don’t miss out anything.
Searching for QA Jobs Openings, check it at www.QAJobOpenings.com
Want to start a blog like this, please visit SpidyDomain to buy cheap web hosting and register domain
Subscribe to our QAInsights YouTube Channel
Subscribe our free weekly newsletter or Google feeds