Security Advisory for TIBCO ActiveMatrix Service Bus 2.x

Security Advisory for TIBCO ActiveMatrix Service Bus 2.x

book

Article ID: KB0108158

calendar_today

Updated On:

Products

TIBCO ActiveMatrix Service Bus

Description

Description:

TIBCO ActiveMatrix vulnerability

   Original release date: Mar 8, 2012
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected

   TIBCO ActiveMatrix Service Grid version 2.X below 2.3.2
   TIBCO ActiveMatrix Service Bus version 2.X below 2.3.2
   TIBCO ActiveMatrix BusinessWorks Service Engine below 5.8.2

   The following components are affected:

     * TIBCO ActiveMatrix Runtime Platform


Description

   The TIBCO ActiveMatrix components listed above are affected by the
   following critical vulnerability:

   CVE-2012-0687 - Carefully crafted URLs may result in information
   disclosure.

   TIBCO has released updated versions of the affected components which
   address this issue.  TIBCO strongly recommends sites running the affected
   components to install the applicable update as described below.


Impact

   The impact of these vulnerabilities may include information modification,
   information disclosure, and denial of service.


Solution

   For each affected system, update to the corresponding software versions:

   TIBCO ActiveMatrix Service Grid 2.X version 2.3.2 or higher
   TIBCO ActiveMatrix Service Bus 2.X version 2.3.2 or higher
   TIBCO ActiveMatrix BusinessWorks Service Engine 5.8.X version 5.8.2 or higher


References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2012-0687

Issue/Introduction

Security Advisory for TIBCO ActiveMatrix Service Bus 2.x

Environment

Product: TIBCO ActiveMatrix Service Bus Version: 2.3.1 OS: --------------------

Resolution


TIBCO ActiveMatrix vulnerability

   Original release date: Mar 8, 2012
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected

   TIBCO ActiveMatrix Service Grid version 2.X below 2.3.2
   TIBCO ActiveMatrix Service Bus version 2.X below 2.3.2
   TIBCO ActiveMatrix BusinessWorks Service Engine below 5.8.2

   The following components are affected:

     * TIBCO ActiveMatrix Runtime Platform


Description

   The TIBCO ActiveMatrix components listed above are affected by the
   following critical vulnerability:

   CVE-2012-0687 - Carefully crafted URLs may result in information
   disclosure.

   TIBCO has released updated versions of the affected components which
   address this issue.  TIBCO strongly recommends sites running the affected
   components to install the applicable update as described below.


Impact

   The impact of these vulnerabilities may include information modification,
   information disclosure, and denial of service.


Solution

   For each affected system, update to the corresponding software versions:

   TIBCO ActiveMatrix Service Grid 2.X version 2.3.2 or higher
   TIBCO ActiveMatrix Service Bus 2.X version 2.3.2 or higher
   TIBCO ActiveMatrix BusinessWorks Service Engine 5.8.X version 5.8.2 or higher


References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2012-0687