TIBCO tibbr vulnerability

   Original release date: March 15, 2011
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected

   tibbr versions below 2.0.0

   The following components are affected:

     * tibbr web server


Description

   The tibbr web server contains a critical defect in the processing of
   inbound HTTP requests resulting in a cross-site scripting vulnerability.

   TIBCO has released updated versions of the affected software products
   which address these issues.  TIBCO strongly recommends sites running the 
   affected components install the applicable update or take corrective 
   action as described below.


Impact

   The impact of these vulnerabilities may include information modification,
   information disclosure, and denial of service.


Solution

   Update to tibbr version 2.0.0 or higher.  This is strongly recommended.


References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2011-1414