IBM InfoSphere BigInsights Java and Jetty Denial of Service Vulnerabilities


Secunia ID: SA51586
CVE-ID: CVE-2011-4461, CVE-2012-0501
Release Date: 18 Dec 2012
Last Change: 20 Dec 2012
Criticality: Less Critical
Solution Status: Vendor Patch
Software: IBM InfoSphere BigInsights 1.x
Where: From local network
Impact: DoS (Denial of Service)

This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

Description

IBM has acknowledged two vulnerabilities in IBM InfoSphere BigInsights, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) The application bundles a vulnerable version of Java.

For more information:
SA48009

2) The application bundles a vulnerable version of Jetty.

For more information:
SA47408

The vulnerabilities are reported in versions 1.1 through 1.4.

Solution

Apply Fix Pack or upgrade to version 2.0.

IBM InfoSphere BigInsights versions 1.1 and 1.2:
Upgrade to version 2.0.

IBM InfoSphere BigInsights versions 1.3 and 1.3.0.1:
Apply 1.3.0.2 Fix Pack.

IBM InfoSphere BigInsights version 1.4:
Apply 1.4.0.1 Fix Pack.

IBM InfoSphere BigInsights version 1.3.0.0 Power Linux:
Upgrade to version 2.0 for Power Linux.

Original Advisory

http://www.ibm.com/support/docview.wss?uid=swg21620330
http://www.ibm.com/support/docview.wss?uid=swg21620335