Question & Answer
When will the fix for Apache Ant DoS Vulnerability CVE-2012-2098 be available in WebSphere and Tivoli Integrated Portal?
The bzip2 compressing streams in Apache Ant internally use sorting
algorithms with unacceptable worst-case performance on very repetitive
inputs. A specially crafted input to Ants' <bzip2> task can be used to
make the process spend a very long time while using up all available
processing time effectively leading to a denial of service.
Vulnerability CVE-2012-2098 will be fixed in WebSphere 7.0.0 FP 31.
Was this topic helpful?
17 June 2018