IBM Traveler DoS Vulnerability (CVE-2016-3039)
IBM Traveler DoS Vulnerability (CVE-2016-3039)
Release date:
Updated on:
Affected Systems:
IBM Traveler 9.0.1
IBM Traveler 9.0
IBM Traveler 8.x
Description:
CVE (CAN) ID: CVE-2016-3039
IBM Notes Traveler (formerly known as IBM Lotus Notes Traveler) is a push email software that helps users quickly access emails, calendars, and contacts from a variety of mobile devices or tablets.
IBM Traveler 8.x, 9.x <9.0.1.12, which processes XML data and causes dos due to XML external entity injection errors. Remote attackers can exploit this vulnerability to obtain sensitive information or consume all available memory resources.
<* Source: IBM (ncsupp@ca.ibm.com)
*>
Suggestion:
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www-01.ibm.com/support/docview.wss? Uid = swg1LO89357
Http://www-01.ibm.com/support/docview.wss? Uid = swg21985858
This article permanently updates the link address: