APAR status
Closed as documentation error.
Error description
Brief Description: Apache Tomcat request smuggling CVE-ID: CVE-2014-0227 Description: Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed chunked header to the Web server to cause multiple processing conflicts on the servers. An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. CVSS Base Score: 4.300 CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/100751 for more information CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Local fix
Not vulnerable
Problem summary
Upgrading Apache Tomcat from 5.5.36 to 6.0.43 and Apache Ant from 1.6.5 to 1.9.2 for use with Platform Symphony 6.1.1.
Problem conclusion
An document solution is available on Fix Center. Solution ID: sym-6.1.1-build330422
Temporary fix
Comments
APAR Information
APAR number
P100993
Reported component name
SYMPHONY ADVANC
Reported component ID
5725G8602
Reported release
FCT
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-03-16
Closed date
2015-03-16
Last modified date
2015-03-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZUMP","label":"IBM Spectrum Symphony"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"FCT","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSGSMK","label":"Platform Symphony"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"FCT","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
16 March 2015