Security Bulletin: Several vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2016-2923, CVE-2016-2945, CVE-2016-0359)
  • Liberty for Java
  • Sydney
  • Description
    There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server.

    A user action is needed to update your instances.

    For more information, see the security bulletin.