Fixes are available
APAR status
Closed as program error.
Error description
SSL could allow a remote attacker to obtain sensitive information, caused by a memory leak in a malformed X509_ATTRIBUTE structure (CVE-2015-3195).
Local fix
Problem summary
SSL vulnerabilities disclosed on December 3rd, 2015 include CVE-2015-3195 and CVE-2015-1794. IBM DataPower Gateways releases 7.0.0.x up to 7.0.0.12 and 7.1.0.x up to 7.1.0.9 are affected by these CVEs. SSL could allow a remote attacker to obtain sensitive information, caused by a memory leak (CVE-2015-3195). SSL is vulnerable to a denial of service, caused by a client cipher suite error (CVE-2015-1794).
Problem conclusion
Fixes are available in 7.0.0.13 and 7.1.0.10. For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Temporary fix
Comments
APAR Information
APAR number
IT14231
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-03-09
Closed date
2016-05-13
Last modified date
2016-05-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
R700 PSY
UP
R710 PSY
UP
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateways"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.0"}]
Document Information
Modified date:
26 September 2021