This Security Bulletin addresses the security vulnerability CVE-2014-0050 in IBM Operational Decision Manager, formerly known as WebSphere ILOG JRules and WebSphere Business Events.
DESCRIPTION:
IBM Operational Decision Management uses the library commons-fileupload.jar in the Web Application to transfer files. This library allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop’s intended exit conditions.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM WebSphere ILOG JRules V7.0:
Interim fix 2 for APAR RS01613 is available from IBM Fix Central: 7.0.3.0-WS-BRMS-IF002
IBM WebSphere ILOG JRules V7.1:
Interim fix 38 for APAR RS01613 is available from IBM Fix Central: 7.1.1.5-WS-BRMS-IF038
IBM WebSphere Business Event 7.0:
Interim fix 18 for APAR RS01613 is available from IBM Fix Central: 7.0.1.1-WS-BE-NON_ZOS-TP18
IBM WebSphere Operational Decision Management v7.5:
Interim fix 38 for APAR RS01613 is available from IBM Fix Central: 7.5.0.3-WS-BRMS-IF038
IBM Operational Decision Manager v8.0:
Interim fix 30 for APAR RS01613 is available from IBM Fix Central: 8.0.1.2-WS-BRMS-IF030
IBM Operational Decision Manager v8.5:
Interim fix 27 for APAR RS01613 is available from IBM Fix Central: 8.5.1.0-WS-BRMS-IF027
None known. Apply the fix.