Posted to derby-user@db.apache.org by Ray Kiddy <ki...@apple.com> on 2006/10/26 17:42:00 UTC
old CVE security entry for Cloudscape
Does anyone have information on this? There is an old CVE entry for
Cloudscape which lists a possible security issue. We found the info by
searching at securityfocus.com.
CVE: CAN-2004-0253
BugTraq: 9583
My suspicion is that the problem is no longer relevant. The entry has
not been updated in a while. There is a field in the database for
listing versions which are not vulnerable and Derby could be so listed
on the entry.
I have not been involved with updating these entries, so I cannot
speak to the mechanics of it.
Does anyone feel they can speak to this and clarify the question?
thanx - ray
------------------------------
WebObjects Engineering
Developer Tools
Apple Computer, Inc
Re: old CVE security entry for Cloudscape
Posted by Stanley Bradbury <St...@gmail.com>.
Ray Kiddy wrote:
>
> Does anyone have information on this? There is an old CVE entry for
> Cloudscape which lists a possible security issue. We found the info by
> searching at securityfocus.com.
>
> CVE: CAN-2004-0253
> BugTraq: 9583
>
> My suspicion is that the problem is no longer relevant. The entry has
> not been updated in a while. There is a field in the database for
> listing versions which are not vulnerable and Derby could be so listed
> on the entry.
>
> I have not been involved with updating these entries, so I cannot
> speak to the mechanics of it.
>
> Does anyone feel they can speak to this and clarify the question?
>
> thanx - ray
>
> ------------------------------
> WebObjects Engineering
> Developer Tools
> Apple Computer, Inc
>
>
This is no longer the default start-up state as of version 5.1.60 and
should no longer be considered a problem for installations running this
and more recent versions. This was NEVER a problem in the open source
products based on Derby (e.g. IBM Cloudscape, JavaDB, etc.).
More info if needed: Action was taken right away to rectify this
problem. The default startup state of the Network Server was changed to
be a closed system. It is possible to configure the system to be this
wide-open but this cannot happen by accident and there are
recommendations-against and cautions-about fully opening up the system
in all the relevant places.
The following link is the FLASH announcement produced by IBM in response
to this report:
http://www-1.ibm.com/support/docview.wss?rs=0&context=SSCRVP&q1=flash&uid=swg21161241&loc=en_US&cs=utf-8&cc=us&lang=en