db-derby-user mailing list archives

From Stanley Bradbury <Stan.Bradb...@gmail.com>
Subject Re: old CVE security entry for Cloudscape
Date Thu, 26 Oct 2006 20:28:55 GMT
Ray Kiddy wrote:
> Does anyone have information on this? There is an old CVE entry for 
> Cloudscape which lists a possible security issue. We found the info by 
> searching at securityfocus.com.
>     CVE: CAN-2004-0253
>     BugTraq: 9583
> My suspicion is that the problem is no longer relevant. The entry has 
> not been updated in a while. There is a field in the database for 
> listing versions which are not vulnerable and Derby could be so listed 
> on the entry.
> I have not been involved with updating these entries, so I cannot 
> speak to the mechanics of it.
> Does anyone feel they can speak to this and clarify the question?
> thanx - ray
> ------------------------------
> WebObjects Engineering
> Developer Tools
> Apple Computer, Inc
This is no longer the default start-up state as of version 5.1.60 and 
should no longer be considered a problem for installations running this 
and more recent versions.  This was NEVER a problem in the open source 
products based on Derby (e.g. IBM Cloudscape, JavaDB, etc.).

More info if needed: Action was taken right away to rectify this 
problem.  The default startup state of the Network Server was changed to 
be a closed system.  It is possible to configure the system to be this 
wide-open but this cannot happen by accident and there are 
recommendations-against and cautions-about fully opening up the system 
in all the relevant places.

The following link is the FLASH announcement produced by IBM in response 
to this report:
