CVE编号
CVE-2017-1285利用情况
暂无补丁情况
N/A披露时间
2017-07-13漏洞描述
IBM MQ(前称IBM WebSphere MQ)是美国IBM公司的一款消息传递中间件产品。该产品主要为面向服务的体系结构(SOA)提供可靠的、经过验证的消息传递主干网。IBM MQ 9.0.1版本至9.0.2版本中存在安全漏洞。攻击者可利用该漏洞造成SDR或CLUSSDR通道拒绝服务。
解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://www.ibm.com/support/docview.wss?uid=swg22003856
参考链接 |
|
|---|---|
| http://www.securityfocus.com/bid/99538 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125146 | |
| https://www.ibm.com/support/docview.wss?uid=swg22003856 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | ibm | websphere_mq | 9.0.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | ibm | websphere_mq | 9.0.2 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.10 | xen | * |
Up to (excluding) 4.9.0-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.11 | xen | * |
Up to (excluding) 4.9.0-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | xen | * |
Up to (excluding) 4.9.0-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | xen | * |
Up to (excluding) 4.9.0-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.3 | xen | * |
Up to (excluding) 4.6.6-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.4 | xen | * |
Up to (excluding) 4.6.6-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.5 | xen | * |
Up to (excluding) 4.7.3-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.6 | xen | * |
Up to (excluding) 4.8.2-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.7 | xen | * |
Up to (excluding) 4.9.0-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.8 | xen | * |
Up to (excluding) 4.9.0-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.9 | xen | * |
Up to (excluding) 4.9.0-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | xen | * |
Up to (excluding) 4.9.0-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_7 | xen | * |
Up to (excluding) 4.1.6.lts1-9 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_8 | xen | * |
Up to (excluding) 4.4.1-9+deb8u3 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | xen | * |
Up to (excluding) 1.12.1-3 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_25 | xen | * |
Up to (excluding) 1.1.3-2.fc25 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_26 | xen | * |
Up to (excluding) 1.3.0-1.fc26 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_27 | xen | * |
Up to (excluding) 1.3.0-1.fc27 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_EPEL_6 | xen | * |
Up to (excluding) 1.10.4-6.el6 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_EPEL_7 | xen | * |
Up to (excluding) 1.10.4-5.el7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.2 | xen | * |
Up to (excluding) 4.7.3_03-11.12.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.3 | xen | * |
Up to (excluding) 4.9.0_11-4.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_11_SP4 | xen | * |
Up to (excluding) 4.4.4_22-61.9.2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12 | python-numpy_1_13_3-gnu-hpc | * |
Up to (excluding) 1.13.3-4.6 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12 | xen | * |
Up to (excluding) 4.7.3_03-43.9 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP2 | xen | * |
Up to (excluding) 4.7.3_03-43.9.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP3 | xen | * |
Up to (excluding) 4.9.0_11-3.9.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_11_SP4 | xen | * |
Up to (excluding) 4.4.4_22-61.9.2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP2 | xen | * |
Up to (excluding) 4.7.3_03-43.9.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP3 | xen | * |
Up to (excluding) 4.9.0_11-3.9.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_14.04_lts | python-numpy | * |
Up to (excluding) 2019-01-22 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_14.04_lts | xen | * |
Up to (excluding) 4.4.2-0ubuntu0.14.04.14 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04_lts | xen | * |
Up to (excluding) 4.6.5-0ubuntu1.4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04_lts | python-numpy | * |
Up to (excluding) 2019-01-22 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.10 | python-numpy | * |
Up to (excluding) 2019-01-22 |
|||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 低
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 无
- 完整性 无
还没有评论,来说两句吧...