A version of Apache Commons FileUpload shipped with Cúram is vulnerable to a denial of service attack.
CVEID: CVE-2014-0050
DESCRIPTION:
Apache Commons FileUpload is vulnerable to a denial of service, caused by improper handling of the Content-Type HTTP header for multipart requests. By sending a specially crafted request, an attacker could exploit this vulnerability to cause the application to enter an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90987 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cúram Social Program Management
All products are affected when running code releases 4.5 SP10, 5.0, 5.2, 5.2 SP1, 5.2 SP4, 5.2 SP4 DE, 5.2 SP5, 5.2 SP6, 6.0 SP2, 6.0.3.0, 6.0.4.0, 6.0.4.3, 6.0.4.4, 6.0.4.5, 6.0.5.2, 6.0.5.3, 6.0.5.4.
Product | VRMF | Remediation/First Fix
---|---|---
Cúram SPM | 4.5 SP10 | Visit IBM Fix Central and upgrade to EP2
Cúram CWC | 4.5.1 | Visit IBM Fix Central and upgrade to EP2
Cúram SPM | 5.0 | Visit IBM Fix Central and upgrade to EP17
Cúram SPM | 5.2 | Visit IBM Fix Central and upgrade to EP3
Cúram SPM | 5.2 SP1 | Visit IBM Fix Central and upgrade to EP17
Cúram SPM | 5.2 SP4 | Visit IBM Fix Central and upgrade to EP24
Cúram SPM | 5.2 SP4 DE | Visit IBM Fix Central and upgrade to EP11
Cúram SPM | 5.2 SP5 | Visit IBM Fix Central and upgrade to EP4
Cúram SPM | 5.2 SP6 | Visit IBM Fix Central and upgrade to EP5
Cúram SPM | 6.0 SP2 | Visit IBM Fix Central and upgrade to EP25
Cúram SPM | 6.0.3.0 | Visit IBM Fix Central and upgrade to iFix 8
Cúram SPM | 6.0.4.0 | Visit IBM Fix Central and upgrade to iFix 13
Cúram SPM | 6.0.4.3 | Visit IBM Fix Central and upgrade to iFix 9
Cúram SPM | 6.0.4.4 | Visit IBM Fix Central and upgrade to iFix 7
Cúram SPM | 6.0.4.5 | Visit IBM Fix Central and upgrade to iFix 5
Cúram SPM | 6.0.5.2 | Visit IBM Fix Central and upgrade to iFix 9
Cúram SPM | 6.0.5.3 | Visit IBM Fix Central and upgrade to iFix 8
Cúram SPM | 6.0.5.4 | Visit IBM Fix Central and upgrade to iFix 2
None
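An inventory check to run against a deployed EAR before and after applying the fix listed above, added here as an example and not IBM's or Cúram's own tooling: it lists every bundled Commons FileUpload jar, including jars inside nested WARs, and flags versions older than 1.3.1. The 1.3.1 threshold comes from Apache's upstream fix for CVE-2014-0050, not from this bulletin; the `commons-fileupload-<version>.jar` file naming and the sample archive are assumptions constructed for the example.

```python
import io
import re
import zipfile

# Assumption: 1.3.1 is the first upstream release with the CVE-2014-0050 fix
# (from Apache's advisory, not stated in this bulletin).
FIRST_FIXED = (1, 3, 1)
JAR_RE = re.compile(r"(?:^|/)commons-fileupload-(\d+(?:\.\d+)*)[^/]*\.jar$")
NESTED = (".ear", ".war", ".rar", ".zip")


def parse_version(text):
    """'1.2.1' -> (1, 2, 1), padded so that 1.3 compares below 1.3.1."""
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def scan_archive(data, origin=""):
    """Yield (path, version, vulnerable) for each FileUpload jar found in an
    archive given as bytes, descending into nested EAR/WAR files."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            path = f"{origin}!/{name}" if origin else name
            m = JAR_RE.search(name)
            if m:
                version = parse_version(m.group(1))
                yield path, m.group(1), version < FIRST_FIXED
            elif name.lower().endswith(NESTED):
                yield from scan_archive(zf.read(name), path)


def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (sample-data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


def sample_ear():
    """Constructed sample: an EAR holding one old and one fixed jar."""
    war = make_zip({"WEB-INF/lib/commons-fileupload-1.2.1.jar": b""})
    return make_zip({"app.war": war, "lib/commons-fileupload-1.3.1.jar": b""})


if __name__ == "__main__":
    for path, version, vulnerable in scan_archive(sample_ear(), "Sample.ear"):
        print(f"{'VULNERABLE' if vulnerable else 'ok':10} {version:8} {path}")
```

To scan a real deployment, pass the archive's bytes, for example `scan_archive(open(path, "rb").read(), path)`. A jar that has been renamed without its version number will not be matched by the file-name pattern.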