CVE-2016-0210

Description

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response.

Affected products

• IBM Corporation / Sterling B2B Integrator5.2.6 – 5.2.6
• IBM Corporation / Sterling B2B Integrator
• IBM Corporation / Sterling B2B Integrator5.2.1 – 5.2.1
• IBM Corporation / Sterling B2B Integrator5.2.2 – 5.2.2
• IBM Corporation / Sterling B2B Integrator5.2.3 – 5.2.3
• IBM Corporation / Sterling B2B Integrator5.2.4.1 – 5.2.4.1
• IBM Corporation / Sterling B2B Integrator5.2.4.2 – 5.2.4.2
• IBM Corporation / Sterling B2B Integrator5.2.5 – 5.2.5
• IBM Corporation / Sterling B2B Integrator5.1 – 5.1
• IBM Corporation / Sterling B2B Integrator5.2 – 5.2
• IBM Corporation / Sterling B2B Integrator4.3 – 4.3
• IBM Corporation / Sterling B2B Integrator5.0 – 5.0
• IBM Corporation / Sterling B2B Integrator5.2.4 – 5.2.4

References

• MISChttp://www.securityfocus.com/bid/90527
• MISChttp://www.ibm.com/support/docview.wss?uid=swg21981549