Pages

Wednesday, April 18, 2012

New Flash: Possible security exposure on April 26, 2012, if using the Web Server Plug-in for WebSphere Application Server



AbstractSSL connections between the plug-in and WebSphere Application Server might fail or revert to non-SSL after the shipped version of the plugin-key.kdb password expires April 26, 2012 US EDT.  Note:  If you are using the WebSphere Key and Certificate Management generated plug-in key store you are NOT affected.   

CVE ID: CVE-2012-2162
CVSS:
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74900 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
NEW FLASH can viewed at: hhttp://www-01.ibm.com/support/docview.wss?uid=swg21591172

Original Flash titled "Password to the plugin-key.kdb file expires on April 26, 2012 US EDT" may be viewed at:   http://www-01.ibm.com/support/docview.wss?uid=swg21588312

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.