Medium Severity

IBM Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232)


API Connect has addressed the following vulnerability. The Node.js tough-cookie module is vulnerable to a denial of service caused by a regular expression error. By sending a sufficiently large HTTP request Cookie header, a remote attacker could exploit this vulnerability to cause the application to consume an overly large amount of CPU resources.

CVE(s): CVE-2016-1000232

Affected product(s) and affected version(s):

Affected API Connect    Affected Versions
IBM API Connect         5.0.6.0-5.0.6.5
IBM API Connect         5.0.7.0-5.0.7.2
IBM API Connect         5.0.8.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013088
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119038
