TIBCO LogLogic Unity vulnerabilities

   Original release date: November 17, 2015
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected

   TIBCO LogLogic Unity 1.1.0 and earlier

   The following components are affected:

     * TIBCO LogLogic Unity Web Server


Description

   The TIBCO LogLogic Unity components listed above contain a vulnerability in
   the handling of HTTP requests which may result in escalation of privilege.

   TIBCO has released updated versions of the affected software products
   which address these issues.  TIBCO strongly recommends sites running the 
   affected components install the applicable update as described below.


Impact

   The impact of this vulnerability is escalation of privilege resulting
   in information disclosure.
    
   CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:P/I:P/A:N)


Solution

   For each affected system, update to the corresponding software versions:
 
   TIBCO LogLogic Unity 1.1.1 or higher


References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2015-8090