Previous releases of IBM UrbanCode Deploy are affected by an HTTP request smuggling vulnerability in Apache Tomcat.
CVE ID: CVE-2014-0227
Description: Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed chunked header to the Web server to cause multiple processing conflicts on the servers. An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100751> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, and 6.1.1.2 on all supported platforms.
IBM UrbanCode Deploy with Patterns 6.1.0, 6.1.0.1, 6.1.0.2, and 6.1.1 on all supported platforms.
For affected versions of IBM UrbanCode Deploy 6.1, upgrade to IBM UrbanCode Deploy Fix Pack 3 (6.1.1.3) or later.
For affected versions of IBM UrbanCode Deploy 6.0, upgrade to IBM UrbanCode Deploy Fix Pack 8 (6.0.1.8) or later.
For affected versions of IBM UrbanCode Deploy with Patterns 6.1, upgrade to IBM UrbanCode Deploy with Patterns Fix Pack 1 (6.1.1.1) or later.
None