IBM Support

TIP/eWAS fix for Apache Ant DoS Vulnerability CVE-2012-2098

Question & Answer


When will the fix for Apache Ant DoS Vulnerability CVE-2012-2098 be available in WebSphere and Tivoli Integrated Portal?


The bzip2 compressing streams in Apache Ant internally use sorting
algorithms with unacceptable worst-case performance on very repetitive
inputs. A specially crafted input to Ants' <bzip2> task can be used to
make the process spend a very long time while using up all available
processing time effectively leading to a denial of service.


Vulnerability CVE-2012-2098 will be fixed in WebSphere 7.0.0 FP 31.

[{"Product":{"code":"SSRLR8","label":"Tivoli Components"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Tivoli Integrated Portal (TIP)","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.1;2.1;2.2","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
17 June 2018