Security Bulletin
Summary
Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF: CVE-2011-1498
Vulnerability Details
CVE-2011-1498
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Affected Products and Versions
IBM Spectrum LSF 10.0.0.5
IBM Spectrum LSF 10.0.0.6
IBM Spectrum LSF 10.0.0.7
Remediation/Fixes
|
Product |
VRMF |
APAR |
Remediation / First Fix |
|
LSF |
10.1.0.4 |
None |
See fix below |
|
LSF |
10.1.0.5 |
None |
See fix below |
|
LSF |
10.1.0.6 |
None |
See fix below |
|
LSF |
10.1.0.7 |
None |
See fix below |
Download Fix 512358 from the following location:
http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF&release=All&platform=All&function=fixId&fixids=lsf-10.1-build512358&includeSupersedes=0
1) Go to the patch install directory: cd $LSF_ENVDIR/../10.1/install/
2) Copy the patch file to the install directory $LSF_ENVDIR/../10.1/install/
3) Run patchinstall: ./patchinstall <patch>
4) Run "badmin mbdrestart"
Get Notified about Future Security Bulletins
References
Change History
28 February 2019: Original version created
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
01 March 2019
UID
ibm10874270