Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM12277D33F023D49A4635EDECB39A0984615C187AFB27843CEEABF15CDF9E0E02
HistoryJun 17, 2018 - 10:31 p.m.

Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Release (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

2018-06-1722:31:46
www.ibm.com
11

0.93 High

EPSS

Percentile

99.1%

JSON

Summary

Previous releases of IBM UrbanCode Release are affected by vulnerabilities in Apache Tomcat and FileUpload that may allow remote attackers to influence the availability of the server or obtain sensitive information.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    —|—

CVE ID: CVE-2014-0050 **
Description:Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a specially crafted request. **
CVSS Base Score: 5.0**
CVSS Temporal Score:See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987&gt; for the current score
CVSS Environmental Score*:Undefined
CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P)

**
CVE ID:CVE-2013-4286 **
Description:Apache Tomcat is vulnerable to HTTP request smuggling, caused by an incomplete fix related to the handling of malicious requests. An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. **
CVSS Base Score: 4.3
CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91426&gt; for the current score**
CVSS Environmental Score*:** Undefined**
CVSS Vector:** (AV:N/AC:M/Au:N/C:N/I:P/A:N)

**
CVE ID:CVE-2014-0033 **
Description:Apache Tomcat could allow a remote attacker to hijack a valid user’s session. By persuading a victim to visit a specially crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user’s account and possibly launch further attacks on the system. **
CVSS Base Score: 4.3
CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91423&gt; for the current score**
CVSS Environmental Score*:** Undefined**
CVSS Vector:** (AV:N/AC:M/Au:N/C:N/I:P/A:N)

**
CVE ID:CVE-2013-4322 **
Description:Apache Tomcat allows remote attackers to cause a denial of service by issuing crafted requests. **
CVSS Base Score: 5
CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91625&gt; for the current score**
CVSS Environmental Score*:** Undefined**
CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P)

**
CVE ID:CVE-2013-4590 **
Description:Apache Tomcat could allow a remote attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. **
CVSS Base Score: 4.3
CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91424&gt; for the current score**
CVSS Environmental Score*:** Undefined**
CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM UrbanCode Release v6.0, v6.0.0.1, v6.0.1, v6.0.1.1, v6.0.1.2 and v6.0.1.3 on all supported platforms.

Remediation/Fixes

For all affected versions of IBM UrbanCode Release, upgrade to IBM UrbanCode Release version 6.0.1.4 or later.

Workarounds and Mitigations

None

Related

securityvulns 4
ibm 34
openvas 39
ubuntu 1
nessus 40
redhat 11
fedora 3
mageia 4
oraclelinux 3
osv 6
debian 3
amazon 2
tomcat 5
centos 2
vmware 2
ubuntucve 3
debiancve 2
github 3
cvelist 3
atlassian 5
seebug 4
checkpoint_advisories 2
prion 3
veracode 2
nvd 3
cve 3
gentoo 1
f5 2
exploitpack 1
jvn 1
zdt 1
suse 1
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications
2014-02-28 00:00:00
[SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled
2014-02-28 00:00:00
ibm
ibm
Security Bulletin: Apache Tomcat security vulnerability issues on IBM Storwize V7000 Unified system (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)
2018-06-18 00:08:13
Security Bulletin: Multiple Apache Tomcat vulnerabilities in IBM Algo Audit and Compliance (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033)
2018-06-15 22:31:20
Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)
2018-06-17 22:31:44
openvas
openvas
Ubuntu: Security Advisory (USN-2130-1)
2014-03-12 00:00:00
Ubuntu Update for tomcat7 USN-2130-1
2014-03-12 00:00:00
Mageia: Security Advisory (MGASA-2014-0148)
2022-01-28 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2014-03-06 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : tomcat6, tomcat7 vulnerabilities (USN-2130-1)
2014-03-07 00:00:00
RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0525)
2014-06-26 00:00:00
Fedora 20 : tomcat-7.0.52-1.fc20 (2014-11048)
2014-09-29 00:00:00
redhat
redhat
(RHSA-2014:0528) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
2014-05-21 15:32:03
(RHSA-2014:0525) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
2014-05-21 15:09:00
(RHSA-2014:0527) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update
2014-05-21 15:31:56
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
[SECURITY] Fedora 20 Update: apache-commons-fileupload-1.3-5.fc20
2014-02-17 21:06:10
[SECURITY] Fedora 19 Update: apache-commons-fileupload-1.3-5.fc19
2014-02-17 21:07:04
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated apache-commons-fileupload package fixes CVE-2014-0050
2014-02-28 22:57:52
oraclelinux
oraclelinux
tomcat6 security update
2014-04-23 00:00:00
tomcat security update
2014-07-20 00:00:00
tomcat6 security and bug fix update
2014-07-09 00:00:00
osv
osv
tomcat6 - security update
2014-11-23 00:00:00
tomcat6 - regression update
2014-11-23 00:00:00
tomcat7 - security update
2014-04-08 00:00:00
debian
debian
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
[SECURITY] [DSA 2856-1] libcommons-fileupload-java security update
2014-02-07 22:59:08
amazon
amazon
Medium: tomcat6
2014-05-21 10:45:00
Medium: tomcat7
2014-03-24 23:36:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.39
2014-01-31 00:00:00
Fixed in Apache Tomcat 7.0.50
2014-01-08 00:00:00
Fixed in Apache Tomcat 8.0.0-RC10
2013-12-26 00:00:00
centos
centos
tomcat6 security update
2014-04-23 19:07:14
tomcat6 security update
2014-07-09 16:09:49
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
ubuntucve
ubuntucve
CVE-2013-4590
2014-02-26 00:00:00
CVE-2014-0033
2014-02-26 00:00:00
CVE-2014-0050
2014-02-07 00:00:00
debiancve
debiancve
CVE-2013-4590
2014-02-26 14:55:00
CVE-2014-0050
2014-04-01 06:27:51
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:35
Commons FileUpload Denial of service vulnerability
2018-12-21 17:51:42
cvelist
cvelist
CVE-2013-4590
2014-02-26 11:00:00
CVE-2014-0033
2014-02-26 11:00:00
CVE-2014-0050
2014-03-28 19:00:00
atlassian
atlassian
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
seebug
seebug
Apache TomcatXML外部实体信息泄漏漏洞
2014-02-27 00:00:00
Apache Tomcat会话固定漏洞
2014-02-27 00:00:00
Apache Commons FileUpload/Apache Tomcat拒绝服务漏洞
2014-02-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Large Chunked Transfer Denial of Service (CVE-2013-4322)
2014-03-05 00:00:00
Apache Tomcat FileUpload Content-Type Header Infinite Loop (CVE-2014-0050)
2014-03-16 00:00:00
prion
prion
Xxe
2014-02-26 14:55:00
Session fixation
2014-02-26 14:55:00
Design/Logic Flaw
2014-04-01 06:27:00
veracode
veracode
XML External Entity (XXE)
2019-01-15 08:58:51
Denial Of Service (DoS) By An Infinite Loop Causing CPU Consumption
2019-01-15 08:58:15
nvd
nvd
CVE-2013-4590
2014-02-26 14:55:08
CVE-2014-0033
2014-02-26 14:55:08
CVE-2014-0050
2014-04-01 06:27:51
cve
cve
CVE-2013-4590
2014-02-26 14:55:08
CVE-2014-0033
2014-02-26 14:55:08
CVE-2014-0050
2014-04-01 06:27:51
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
f5
f5
SOL15189 - Apache Commons FileUpload vulnerability CVE-2014-0050
2014-04-18 00:00:00
K15189 : Apache Commons FileUpload vulnerability CVE-2014-0050
2015-08-15 00:00:00
exploitpack
exploitpack
Apache Commons FileUpload and Apache Tomcat - Denial of Service
2014-02-12 00:00:00
jvn
jvn
JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)
2014-02-10 00:00:00
zdt
zdt
Apache Commons FileUpload and Apache Tomcat Denial of Service
2014-02-12 00:00:00
suse
suse
Security update for jakarta-commons-fileupload (important)
2014-04-17 21:04:15

0.93 High

EPSS

Percentile

99.1%

JSON
Related for 12277D33F023D49A4635EDECB39A0984615C187AFB27843CEEABF15CDF9E0E02
securityvulns4ibm34openvas39ubuntu1nessus40redhat11fedora3mageia4oraclelinux3osv6debian3amazon2tomcat5centos2vmware2ubuntucve3debiancve2github3cvelist3atlassian5seebug4checkpoint_advisories2prion3veracode2nvd3cve3gentoo1f52exploitpack1jvn1zdt1suse1