There is a vulnerability in Open Source Apache Tomcat that is used by the IBM FlashSystem V840 which allows remote attackers to cause a denial of service under certain scenarios.
CVE-ID: CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by missing limitations on request body size. By sending a specially crafted request to the server, an attacker could keep a connection open and force Tomcat to keep a processing thread allocated to the connection.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102131> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
FlashSystem V840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9846-AE1, 9848-AE1, 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1.
You should verify that applying this fix does not cause any compatibility issues.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
Storage enclosures: 9846-AE1 & 9848-AE1 |
Control enclosures: 9846-AC0,
9846-AC1,
9848-AC0,
9848-AC1| A code fix is now available, the VRMF of this code level is 1.1.3.8 (or later) for the storage enclosure nodes and 7.5.0.2 for the control nodes.| _ _N/A| No workarounds or mitigations, other than applying this code fix, are known for this vulnerability
1.1.3.8 is available @ IBM’s Fix Central :V840 fixes, download 1.1.3.8 or later
7.5.0.2 is available @ IBM’s Fix Central :V840 fixes, download SVC 7.5.0.2 or later
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm flashsystem software | eq | any |