There are multiple security vulnerabilities identified in the IBM Java Runtime Environment component of IBM Rational Performance Tester. Patches for these vulnerabilities are available in IBM JRE 7 (SR4).
Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE.
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81799
CVID: CVE-2013-0443 – Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81801
CVID: CVE-2013-0169 – The TLS protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, also known as the “Lucky Thirteen” issue.
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81902
AIX, Linux, Windows
IBM JRE provided by Rational Performance Tester versions earlier than 188.8.131.52 on all platforms.
Please to upgrade to Rational Performance Tester Version 184.108.40.206. Rational Performance Tester Version 220.127.116.11 provides IBM JRE 7 SR4 that fixes these issues.
Apply Fix Pack 18.104.22.168.
For more details, please visit:
- Complete CVSS Guide (http://www.first.org/cvss/cvss-guide.html)
- On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)
- CVE-2013-0440 – http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
- X-ForceVulnerability Database – 81799 (http://xforce.iss.net/xforce/xfdb/81799)
- CVE-2013-0443 – http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
- X-ForceVulnerability Database – 81801 (http://xforce.iss.net/xforce/xfdb/81801)
- CVE-2013-0169 – http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
- X-ForceVulnerability Database – 81902 (http://xforce.iss.net/xforce/xfdb/81902)
Thanks for visiting QAInsights! Check out our new portal Testifications.com to get updates on Software Testing related certifications. We’re always posting interesting articles on QAInsights. I request you to subscribe so you don’t miss out anything.
Searching for QA Jobs Openings, check it at www.QAJobOpenings.com
Want to start a blog like this, please visit SpidyDomain to buy cheap web hosting and register domain
Subscribe to our QAInsights YouTube Channel