Ray Kiddy wrote:

Does anyone have information on this? There is an old CVE entry for Cloudscape which lists a possible security issue. We found the info by searching at securityfocus.com.

    CVE: CAN-2004-0253
    BugTraq: 9583

My suspicion is that the problem is no longer relevant. The entry has not been updated in a while. There is a field in the database for listing versions which are not vulnerable and Derby could be so listed on the entry.

I have not been involved with updating these entries, so I cannot speak to the mechanics of it.

Does anyone feel they can speak to this and clarify the question?

thanx - ray

------------------------------
WebObjects Engineering
Developer Tools
Apple Computer, Inc


This is no longer the default start-up state as of version 5.1.60 and should no longer be considered a problem for installations running this and more recent versions. This was NEVER a problem in the open source products based on Derby (e.g. IBM Cloudscape, JavaDB, etc.).

More info if needed: Action was taken right away to rectify this problem. The default startup state of the Network Server was changed to be a closed system. It is possible to configure the system to be this wide-open but this cannot happen by accident and there are recommendations-against and cautions-about fully opening up the system in all the relevant places.

The following link is the FLASH announcement produced by IBM in response to this report:
http://www-1.ibm.com/support/docview.wss?rs=0&context=SSCRVP&q1=flash&uid=swg21161241&loc=en_US&cs=utf-8&cc=us&lang=en
