CVE-2014-0852

Name of the Vulnerable Software and Affected Versions IBM WebSphere DataPower SOA appliances versions 4.0.2.15 and earlier IBM WebSphere DataPower SOA appliances versions 5.x through 5.0.0.17 IBM WebSphere DataPower SOA appliances versions 6.0.0.x through 6.0.0.9 IBM WebSphere DataPower SOA appliances versions 6.0.1.x through 6.0.1.5

Description The issue makes it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack.

Recommendations For versions 4.0.2.15 and earlier, update to a version later than 4.0.2.15. For versions 5.x through 5.0.0.17, update to a version later than 5.0.0.17. For versions 6.0.0.x through 6.0.0.9, update to a version later than 6.0.0.9. For versions 6.0.1.x through 6.0.1.5, update to a version later than 6.0.1.5.