WebSphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat vulnerabilities reported in the May 2014 X-Force Report.
WebSphere Message Broker and IBM Integration Bus are affected by CVE-2014-0075 and CVE-2014-0099.
CVE-ID: CVE-2014-0075
Description: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chunked request. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-0099
Description: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
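Both issues are failures to validate a length field in an HTTP request. The following C sketch is an added example, not Tomcat or IBM code, showing a strict parser for a decimal Content-Length and a hexadecimal chunk size that rejects malformed input and checks for overflow before each multiplication; all function names are hypothetical and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added illustration; not Tomcat or IBM code. All names are hypothetical. */

/* Map one character to its digit value in the given base, or -1 if invalid. */
static int digit_value(char c, int base)
{
    int d;
    if (c >= '0' && c <= '9') d = c - '0';
    else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
    else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
    else return -1;
    return d < base ? d : -1;
}

/* Strictly parse len bytes of s as a non-negative number in base 10 or 16.
 * Returns 0 and sets *out on success; -1 on empty input, any non-digit
 * byte (sign, space, CR/LF), or a value that would exceed INT64_MAX. */
static int parse_length(const char *s, size_t len, int base, int64_t *out)
{
    int64_t v = 0;
    if (len == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        int d = digit_value(s[i], base);
        if (d < 0) return -1;
        /* Test before multiplying, so the accumulator can never wrap. */
        if (v > (INT64_MAX - d) / base) return -1;
        v = v * base + d;
    }
    *out = v;
    return 0;
}

/* Content-Length is decimal; a chunk-size line is hexadecimal. */
int parse_content_length(const char *s, size_t len, int64_t *out)
{ return parse_length(s, len, 10, out); }

int parse_chunk_size(const char *s, size_t len, int64_t *out)
{ return parse_length(s, len, 16, out); }

int main(void)
{
    int64_t v = 0;
    /* Constructed inputs: INT64_MAX + 1 in decimal, then a valid chunk size. */
    printf("%d\n", parse_content_length("9223372036854775808", 19, &v));
    printf("%d\n", parse_chunk_size("1A", 2, &v));
    return 0;
}
```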
WebSphere Message Broker V8.0
IBM Integration Bus V9.0
Product | VRMF | APAR | Remediation/Fix
---|---|---|---
WebSphere Message Broker | V8.0 | IT02891 | The APAR is targeted to be available in fix pack 8.0.0.5. Prior to fix pack availability the APAR can be obtained on request from IBM Support.
IBM Integration Bus | V9.0 | IT02891 | The APAR is targeted to be available in fix pack 9.0.0.3. Prior to fix pack availability the APAR can be obtained on request from IBM Support.
The planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at:
http://www.ibm.com/support/docview.wss?rs=849&uid=swg27006308
None known