History: Jun 22, 2018 - 5:47 a.m.

Security Bulletin: A vulnerability in Open Source Apache Tomcat affects the IBM FlashSystem V840 (CVE-2014-0230)

2018-06-22 05:47:46
www.ibm.com

EPSS: 0.073 (Low), Percentile: 94.1%

Summary

A vulnerability in the Open Source Apache Tomcat used by the IBM FlashSystem V840 allows remote attackers to cause a denial of service under certain scenarios.

Vulnerability Details

CVE-ID: CVE-2014-0230
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by missing limitations on request body size. By sending a specially crafted request to the server, an attacker could keep a connection open and force Tomcat to keep a processing thread allocated to the connection.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102131> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

FlashSystem V840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9846-AE1, 9848-AE1, 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1.

Remediation/Fixes

You should verify that applying this fix does not cause any compatibility issues.

| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| Storage enclosures: 9846-AE1 & 9848-AE1; Control enclosures: 9846-AC0, 9846-AC1, 9848-AC0, 9848-AC1 | A code fix is now available, the VRMF of this code level is 1.1.3.8 (or later) for the storage enclosure nodes and 7.5.0.2 for the control nodes. | N/A | No workarounds or mitigations, other than applying this code fix, are known for this vulnerability |

1.1.3.8 is available at IBM's Fix Central: V840 fixes, download 1.1.3.8 or later
7.5.0.2 is available at IBM's Fix Central: V840 fixes, download SVC 7.5.0.2 or later

Workarounds and Mitigations

None

CPE Name Operator Version
ibm flashsystem software eq any