Medium Severity

IBM Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232)

Share this post:

API Connect has addressed the following vulnerability. Node.js tough-cookie module is vulnerable to a denial of service, caused by a regular expression error. By using a sufficiently large HTTP request Cookie header, a remote attacker could exploit this vulnerability to cause the application to consume an overly large amount of CPU resources.

CVE(s): CVE-2016-1000232

Affected product(s) and affected version(s):

Affected API Connect Affected Versions
IBM API Connect 5.0.6.0-5.0.6.5
IBM API Connect 5.0.7.0-5.0.7.2
IBM API Connect 5.0.8.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013088
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119038

More stories

IBM Security Bulletin: Directory traversal vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-2006)

Feb 19, 2019 9:00 am EST | Medium Severity

IBM Robotic Process Automation with Automation Anywhere is vulnerable to directory traversal CVE(s): CVE-2018-2006 Affected product(s) and affected version(s): IBM Robotic Process Automation with Automation Anywhere Affected Versions IBM Robotic Process Automation with Automation Anywhere 11.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10794133X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155008 ...read more


IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931

Feb 19, 2019 9:00 am EST | Medium Severity

Power8/Power9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. The P8 and P9 Processors have a “Self Boot Engine” (SBE) that is used to initialize the processor before Primary Boot Firmware takes over the IPL. The SBE’s code ...read more


IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a CVE-2018-1901 vulnerability

Feb 19, 2019 9:00 am EST | Medium Severity

IBM Cloud Transformation Advisor has addressed the following vulnerability. CVE-2018-1901 CVE(s): CVE-2018-1901 Affected product(s) and affected version(s):IBM Cloud Transformation Advisor Continuous Delivery Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10871892X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152530 ...read more