Talend Security Advisory: CVE-2016-3092 vulnerability can affect Talend Web Services

Tomcat 7.0.54 and 8.0.20 are affected by CVE-2016-3092, an Apache Commons Fileupload information disclosure vulnerability. This can affect the Talend Web Servers.
The Talend Installer for 5.5.1, 5.6.1, 5.6.2 and 5.6.3 versions included Tomcat 7.0.54.
The Talend Installer for 6.0.1, 6.1.1, 6.1.2, 6.2.1, 6.2.2 and 6.3.1 versions included Tomcat 8.0.20.
This issue is fixed in Tomcat 8.0.36 and greater.

Talend Products affected:

  • Talend Administration Center, Talend IAM (in Tomcat Webapps Folder: Syncope) and Talend DQ Portal: versions 5.5, 5.6, 6.0, 6.1, 6.2, 6.3
  • Talend MDM Server: versions 6.0, 6.1, 6.2, 6.3

Severity (Low/Medium/High): Moderate (Denial of Service)

Original vendor: The Apache Software Foundation

Dependency versions affected:

  • Apache Commons Fileupload 1.3 to 1.3.1
  • Apache Commons Fileupload 1.2 to 1.2.2
  • Apache Tomcat 9.x to 9.0.0M6
  • Apache Tomcat 8.x to 8.0.35
  • Apache Tomcat 7.x to 7.0.69
  • Apache Tomcat 6

Immediate actions required:

  • If you use Talend product versions 6.0, 6.1, 6.2 or 6.3, install Tomcat 8.0.36 or greater (8.0.42 recommended).
  • If you use Talend product versions 5.5 or 5.6, upgrade to Talend 6.3.1 and install Tomcat 8.0.36 or greater (8.0.42 recommended).
  • If you use Talend DQ Portal, download the patch Patch_20170424_TDQ-13533_v1-6.3.1.zip (use your Nexus login, or contact Talend Support to request the patch). Follow the instructions mentioned in Technical Security Advisory: CVE-2016-3092 vulnerability can affect Talend Web Services, attached.
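
An added example, not part of Talend's advisory: a Python check that classifies a Tomcat version banner or a commons-fileupload jar file name against the dependency ranges listed above. The `Server version: Apache Tomcat/x.y.z` banner format, the sample lines and all function names are assumptions of this example.

```python
import re

# Ranges copied from the advisory's "Dependency versions affected" list.
# Upper bounds are inclusive; "9.0.0M6" is stored as (9, 0, 0, 6).
TOMCAT_LAST_AFFECTED = {9: (9, 0, 0, 6), 8: (8, 0, 35), 7: (7, 0, 69)}
FILEUPLOAD_AFFECTED = [((1, 2), (1, 2, 2)), ((1, 3), (1, 3, 1))]

def parse_version(text):
    """'8.0.20', '9.0.0.M6' and '9.0.0M6' all become tuples of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def tomcat_status(version):
    v = parse_version(version)
    if not v:
        return "unknown"
    if v[0] == 6:                      # the advisory lists all of Tomcat 6
        return "affected"
    bound = TOMCAT_LAST_AFFECTED.get(v[0])
    if bound is None:
        return "not listed"            # branch the advisory does not cover
    # Truncate so a four-part number such as 8.0.35.0 compares as 8.0.35.
    return "affected" if v[:len(bound)] <= bound else "not affected"

def fileupload_status(jar_name):
    m = re.search(r"commons-fileupload-(\d+(?:\.\d+)*)\.jar$", jar_name)
    if not m:
        return "unknown"
    v = parse_version(m.group(1))
    hit = any(low <= v <= high for low, high in FILEUPLOAD_AFFECTED)
    return "affected" if hit else "not listed"

def audit(lines):
    """Classify Tomcat version banners and commons-fileupload jar paths."""
    findings = []
    for line in (l.strip() for l in lines):
        m = re.search(r"Apache Tomcat/(\S+)", line)
        if m:
            findings.append((m.group(1), tomcat_status(m.group(1))))
        elif "commons-fileupload-" in line:
            findings.append((line, fileupload_status(line)))
    return findings

# Constructed sample input: two version banners and one jar path.
SAMPLE = [
    "Server version: Apache Tomcat/8.0.20",
    "webapps/example/WEB-INF/lib/commons-fileupload-1.3.1.jar",
    "Server version: Apache Tomcat/8.0.42",
]

if __name__ == "__main__":
    for item, status in audit(SAMPLE):
        print(f"{status:13} {item}")
```

A result of "not listed" means the version falls outside every range the advisory names, not that it has been confirmed fixed.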

For additional details, remediation steps, or questions, contact Talend Support.

Version history
Revision #: 7 of 7
Last update: 06-22-2017 04:25 PM
Comments
dsegard2

The hyperlink in :

follow the instructions mentioned in Technical Note: CVE-2016-3092 vulnerability can affect Talend Web Services.

does not work ...