IBM Support

P100993: [PSIRT] OPEN SOURCE APACHE TOMCAT VULNERABILITY - REPORTED IN 02/09/2015 X-FORCE REPORT

 

APAR status

  • Closed as documentation error.

Error description

  • Brief Description: Apache Tomcat request smuggling
    CVE-ID: CVE-2014-0227
    Description: Apache Tomcat is vulnerable to HTTP request
    smuggling. A remote attacker could send a specially-crafted
    request in a malformed chunked header to the Web server to cause
    multiple processing conflicts on the servers. An attacker could
    exploit this vulnerability to poison the web cache, bypass web
    application firewall protection, and conduct XSS attacks.
    CVSS Base Score: 4.300
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100751
    for more information
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
    

Local fix

  • Not vulnerable
    

Problem summary

  • Upgrading Apache Tomcat from 5.5.36 to 6.0.43 and Apache Ant
    from 1.6.5 to 1.9.2 for use with Platform Symphony 6.1.1.
    

Problem conclusion

  • A document solution is available on Fix Center.
    
    Solution ID: sym-6.1.1-build330422
    

Temporary fix

Comments

APAR Information

  • APAR number

    P100993

  • Reported component name

    SYMPHONY ADVANC

  • Reported component ID

    5725G8602

  • Reported release

    FCT

  • Status

    CLOSED DOC

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-03-16

  • Closed date

    2015-03-16

  • Last modified date

    2015-03-16

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels


Document Information

Modified date:
16 March 2015