The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of IBM Java: denial of service via Secure Socket Extension

Synthesis of the vulnerability 

An attacker can generate a fatal error in Secure Socket Extension of IBM Java, in order to trigger a denial of service.
Vulnerable software: AIX, Domino by IBM, Notes by IBM, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ.
Severity of this announce: 2/4.
Creation date: 22/09/2015.
Références of this computer vulnerability: 1902260, 1903541, 1903704, 1966551, 1967498, 1968485, CVE-2015-1916, VIGILANCE-VUL-17953.

Description of the vulnerability 

An attacker can generate a fatal error in Secure Socket Extension of IBM Java, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability bulletin impacts software or systems such as AIX, Domino by IBM, Notes by IBM, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

An attacker with a expert ability can exploit this threat note.

Solutions for this threat 

IBM AIX: patch for Java.
The announce states the URLs of the applicable patch for each version of the SDK.

IBM Notes, Domino: patch for Java 6.
A patch is available:
  version 9.0.1.x: http://www-01.ibm.com/support/docview.wss?uid=swg21657963
  version 8.5.3: http://www-01.ibm.com/support/docview.wss?uid=swg21663874

IBM Tiivoli Directory Server: patch for Java.
A patch is available in information sources.

IBM Tivoli Storage Manager for Virtual Environments: patch for IBM Java.
A patch is indicated in information sources.

IBM Tivoli Workload Scheduler: patch for Java.
A patch is indicated in information sources.

IBM WebSphere MQ: solution for Java.
The solution is indicated in information sources.

WebSphere AS: patch for Java.
Some patches ae available in information sources, to be chosen according to the version of WebSphere AS.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computer security bulletin. The technology watch team tracks security threats targeting the computer system.