TIBCO is aware of potential security vulnerabilities in prior versions of the KAAZING Gateway, which we utilize in TIBCO Web Messaging for TIBCO Enterprise Message Service. These vulnerabilities exist in Gateway versions prior to 4.0.5. Version 4.0.5 was released by TIBCO in June of 2014.

 Systems affected

Description

The TIBCO Web Messaging for TIBCO Enterprise Message Service components listed above contain a critical vulnerability in the handling of HTTP requests. These vulnerabilities may result in unintended information disclosure.

TIBCO Software has released updated versions of the affected software products to address these issues. TIBCO Software strongly recommends sites running the affected products install the applicable update as described below.

Impact

The impact of this vulnerability is information disclosure.

Solution

For each affected system, update to the corresponding software versions:

References

KAAZING: http://kaazing.com/services/support/advisories/