Direct link to fix
APAR status
Closed as fixed if next.
Error description
Vulnerability detected in HTTP Server adapter. This vulnerability can lead to connection resource exhaustion which renders the application unresponsive.
Local fix
STRRTC - 445884 PSIRT - 2372 CVE-2014-6199 GUB / GUB Circumvention: None
Problem summary
Users Affected: Sterling B2B Integrator V5104_3 and higher Sterling B2B Integrator V5.2.4.2_2 and higher PROBLEM DESCRIPTION: Sterling B2B Integrator and Sterling File Gateway are vulnerable to a denial of service. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause the system to run out of connections and deny new connection requests. PLATFORMS AFFECTED: All
Problem conclusion
Resolution Summary: Code fix delivered. See the Security Bulletin for more information:http://www.ibm.com/support/docview.wss?rs=2310&uid=s wg21693131 DELIVERED_IN: 5104_6 5020402_5 5020500_1
Temporary fix
Comments
APAR Information
APAR number
IT05121
Reported component name
STR B2B INTEGRA
Reported component ID
5725D0600
Reported release
510
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-10-23
Closed date
2014-12-12
Last modified date
2015-05-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR B2B INTEGRA
Fixed component ID
5725D0600
Applicable component levels
R510 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
Document Information
Modified date:
01 May 2015