Security Bulletin: The IBM FlashSystem 840 product is affected by vulnerabilities in Apache Tomcat

2023-02-18 01:45:50
www.ibm.com
Tags: ibm flashsystem 840, apache tomcat, vulnerabilities, cve-2013-4286, cve-2013-4322, cve-2014-0033, denial of service, session hijacking, code fix

CVSS v2 base score: 5.8 (Medium)
CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:N (Attack Vector: Network; Attack Complexity: Medium; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: Partial; Availability Impact: None)
EPSS: 0.93 (High), percentile 99.1%

Summary

Security vulnerabilities have been discovered in Apache Tomcat

Vulnerability Details

**CVE-ID:** CVE-2013-4286, CVE-2013-4322, and CVE-2014-0033

**DESCRIPTION:** FlashSystem 840 uses Apache Tomcat.

FlashSystem 840 runs an Apache Tomcat web server that provides the system's browser-based administrative GUI. The version of Tomcat shipped in product code levels prior to 1.1.2.0 has the following vulnerabilities:

CVE-2013-4286 (Apache Tomcat HTTP request smuggling)

Apache Tomcat is vulnerable to HTTP request smuggling because of an incomplete fix for an earlier request-handling flaw. Tomcat does not properly handle inconsistent message-length headers: a request that carries both a Transfer-Encoding: chunked header and a Content-Length header (or more than one Content-Length header) can be framed differently by Tomcat and by a proxy, cache or web application firewall in front of it, so bytes that one component treats as the end of the body the other treats as the start of a new request. An attacker could exploit this to poison a web cache, bypass web application firewall protection, and conduct cross-site scripting attacks.

CVSS v2 Base Score: 5.8
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/91426>
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE-2013-4322 (Apache Tomcat chunked transfer coding denial of service)

Apache Tomcat is vulnerable to a denial of service because of an incomplete fix for an earlier chunked-encoding issue. When processing chunked transfer coding, Tomcat neither bounds the total amount of chunked data it will consume nor handles whitespace characters in an HTTP header value in the trailer of a chunked request without excessive resource consumption. A remote attacker could exploit this by streaming such a request to cause a denial of service.

CVSS v2 Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/91625>
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
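The two chunked-encoding problems above share one root cause: the parser that decides where a request body ends. The following is an added example, not IBM or Apache Tomcat code. It frames a constructed byte stream under three policies: trust Content-Length (what many front-end proxies do), trust Transfer-Encoding (what a compliant origin does), and the strict behaviour adopted in the Tomcat fix for CVE-2013-4286, which rejects a request that carries both headers or more than one Content-Length. The same chunked decoder enforces caps on trailer size and total body size, the kind of limit whose absence is behind CVE-2013-4322; the cap values, host names and paths are assumptions made for the example.

```python
# Added example (not IBM or Tomcat code): request framing under different
# policies (CVE-2013-4286 pattern) and resource caps in a chunked decoder
# (CVE-2013-4322 pattern). All requests below are constructed; the host
# name storage.example, the paths and the cap defaults are assumptions.

def parse_headers(buf, start):
    """Return (request line, header dict, body offset) for the message at `start`."""
    end = buf.index(b"\r\n\r\n", start)
    lines = buf[start:end].split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, end + 4


def chunked_body_end(buf, start, max_trailer=8192, max_total=None):
    """Walk a chunked body beginning at `start` and return the offset just past
    its trailer section. Raises ValueError when a cap is exceeded. The cap
    defaults are hypothetical, chosen for this example."""
    pos, total = start, 0
    while True:
        eol = buf.index(b"\r\n", pos)
        size_field = buf[pos:eol].split(b";", 1)[0]        # drop chunk extensions
        size = int(size_field.strip().decode("ascii"), 16)
        pos = eol + 2
        if size == 0:
            break
        total += size
        if max_total is not None and total > max_total:
            raise ValueError("chunked body exceeds max_total")
        pos += size
        if buf[pos:pos + 2] != b"\r\n":
            raise ValueError("missing CRLF after chunk data")
        pos += 2
    trailer_bytes = 0
    while True:                                             # trailer headers, until an empty line
        eol = buf.index(b"\r\n", pos)
        line, pos = buf[pos:eol], eol + 2
        if line == b"":
            return pos
        trailer_bytes += len(line) + 2
        if max_trailer is not None and trailer_bytes > max_trailer:
            raise ValueError("trailer headers exceed max_trailer")


def split_requests(buf, policy, **limits):
    """Split a byte stream into (request line, raw body bytes) pairs.
    'content-length': prefer Content-Length when present (front-end proxy style).
    'chunked': prefer Transfer-Encoding when present (compliant origin).
    'strict': refuse ambiguous framing, as the Tomcat fix does."""
    requests, pos = [], 0
    while pos < len(buf):
        req_line, headers, body_start = parse_headers(buf, pos)
        cl = headers.get(b"content-length", [])
        chunked = any(v.lower() == b"chunked" for v in headers.get(b"transfer-encoding", []))
        if policy == "strict" and (len(cl) > 1 or (cl and chunked)):
            raise ValueError("ambiguous framing: reject with 400 and close the connection")
        if chunked and not (policy == "content-length" and cl):
            body_end = chunked_body_end(buf, body_start, **limits)
        elif cl:
            body_end = body_start + int(cl[0])
        else:
            body_end = body_start
        requests.append((req_line, buf[body_start:body_end]))
        pos = body_end
    return requests


def framing_is_rejected(buf, policy, **limits):
    """True when the parser refuses the stream instead of producing requests."""
    try:
        split_requests(buf, policy, **limits)
        return False
    except ValueError:
        return True


# Constructed CL.TE payload: a proxy trusting Content-Length forwards one
# request; an origin trusting chunked encoding sees the zero chunk end the
# body and parses the remainder as a second, attacker-controlled request.
SMUGGLED_TAIL = b"0\r\n\r\nGET /admin HTTP/1.1\r\nHost: storage.example\r\n\r\n"
SMUGGLE = (
    b"POST /gui HTTP/1.1\r\nHost: storage.example\r\n"
    + b"Content-Length: " + str(len(SMUGGLED_TAIL)).encode() + b"\r\n"
    + b"Transfer-Encoding: chunked\r\n\r\n"
    + SMUGGLED_TAIL
)

# Constructed DoS-style request: a zero-length chunk followed by a trailer
# header whose value is mostly whitespace, far beyond any sane trailer size.
TRAILER_FLOOD = (
    b"POST /gui HTTP/1.1\r\nHost: storage.example\r\nTransfer-Encoding: chunked\r\n\r\n"
    + b"0\r\nX-Pad: " + b" " * 20000 + b"\r\n\r\n"
)

if __name__ == "__main__":
    print(len(split_requests(SMUGGLE, "content-length")), "request seen by a Content-Length proxy")
    print([r[0] for r in split_requests(SMUGGLE, "chunked")], "seen by a chunked origin")
    print("strict parser rejects:", framing_is_rejected(SMUGGLE, "strict"))
    print("uncapped decoder accepts flood:", not framing_is_rejected(TRAILER_FLOOD, "chunked", max_trailer=None))
    print("capped decoder rejects flood:", framing_is_rejected(TRAILER_FLOOD, "chunked"))
```

The point to take from the run is that the smuggled `GET /admin` never appears in the proxy's view of the stream, which is why it slips past cache keys and WAF rules; the only robust server-side answer is the strict policy, rejecting the ambiguous request outright rather than picking one header to trust.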

CVE-2014-0033 (Apache Tomcat disableURLRewriting session hijacking)

Apache Tomcat could allow a remote attacker to hijack a valid user's session through session fixation: Tomcat does not properly restrict the use of a session ID supplied in the URL (a ;jsessionid= path parameter) even when disableURLRewriting is enabled. By persuading a victim to visit a specially crafted link that carries an attacker-chosen session ID and then log into the application, a remote attacker could take over the victim's authenticated session and possibly launch further attacks on the system.

CVSS v2 Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/91423>
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
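The attack path for the session fixation issue is easy to lose in the CVE wording, so the following is an added example, not IBM or Tomcat code, that models it with an in-memory session store. A container that honours a `;jsessionid=` path parameter lets the attacker plant their own, already-issued session ID in a link; when the victim logs in over that ID the attacker's session becomes authenticated. Two controls defeat it: ignoring URL-carried IDs (what disableURLRewriting is meant to guarantee) and issuing a new session ID at login. The paths, the cookie handling and the user name "superuser" are assumptions made for the example.

```python
# Added example (not IBM or Tomcat code): session fixation via a URL-carried
# session id (the CVE-2014-0033 pattern) and the two controls that defeat it.
# Paths, cookie names and the user "superuser" are constructed.
import re
import secrets

JSESSIONID_IN_PATH = re.compile(r";jsessionid=([A-Za-z0-9]+)", re.IGNORECASE)


class SessionApp:
    def __init__(self, accept_url_session_id, rotate_on_login):
        self.sessions = {}                                     # session id -> {"user": ...}
        self.accept_url_session_id = accept_url_session_id     # False: URL ids ignored, as disableURLRewriting intends
        self.rotate_on_login = rotate_on_login                 # True: new id issued when a user authenticates

    def requested_session_id(self, path, cookies):
        """Session id the client asks for: cookie first, then the path parameter if honoured."""
        if "JSESSIONID" in cookies:
            return cookies["JSESSIONID"]
        match = JSESSIONID_IN_PATH.search(path)
        if match and self.accept_url_session_id:
            return match.group(1)
        return None

    def handle(self, path, cookies, login_as=None):
        """Process one request; return (session id the client should keep, user bound to it)."""
        sid = self.requested_session_id(path, cookies)
        if sid not in self.sessions:              # absent or never-issued id: create a fresh session
            sid = secrets.token_hex(16)
            self.sessions[sid] = {"user": None}
        if login_as is not None:
            if self.rotate_on_login:              # move the session to an id the attacker does not know
                state = self.sessions.pop(sid)
                sid = secrets.token_hex(16)
                self.sessions[sid] = state
            self.sessions[sid]["user"] = login_as
        return sid, self.sessions[sid]["user"]


def run_fixation_attack(app):
    """Return the user the attacker's own session resolves to after the victim logs in."""
    attacker_sid, _ = app.handle("/gui/", {})                        # 1. attacker obtains a real session id
    trap_link = f"/gui/login;jsessionid={attacker_sid}"              # 2. link delivered to the victim
    app.handle(trap_link, {}, login_as="superuser")                  # 3. victim (no cookie yet) follows it and logs in
    _, user = app.handle("/gui/", {"JSESSIONID": attacker_sid})      # 4. attacker replays the fixed id
    return user


if __name__ == "__main__":
    print("vulnerable:", run_fixation_attack(SessionApp(True, False)))          # superuser
    print("URL ids ignored:", run_fixation_attack(SessionApp(False, False)))    # None
    print("id rotated at login:", run_fixation_attack(SessionApp(True, True)))  # None
```

Step 1 matters: the attacker does not invent an ID, because a sane container only joins sessions it has issued; fixation works by getting the victim onto an ID the attacker already holds. Rotating the ID at authentication closes the hole independently of how the ID arrived, which is why it is the control worth having even after URL-carried IDs are ignored.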

Affected Products and Versions

_FlashSystem 840, including machine type models 9840-AE1 and 9843-AE1 (all available code levels)_

Remediation/Fixes

| Products | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| 9840-AE1, 9843-AE1 | A code fix is now available; the VRMF of this code level is 1.1.2.2 | N/A | No workarounds or mitigations other than applying this code fix are known for these Apache Tomcat vulnerabilities |

Workarounds and Mitigations

None known

Affected configurations (as indexed by Vulners)

CPE: ibm flashsystem 900, version: any
