Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary

There is a vulnerability in the Apache Commons FileUpload library used by IBM Liberty for Java for IBM Cloud with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the remediation section.

Vulnerability Details

CVEID:CVE-2023-24998
**DESCRIPTION:**Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

These vulnerabilities affect all versions of Liberty for Java for IBM Cloud up to and including v3.80.

Remediation/Fixes

To upgrade to Liberty for Java for IBM Cloud v4.0-20230421-1536 or higher, you must re-stage or re-push your application

To find the current version of Liberty for Java for IBM Cloud being used, from the command-line Cloud Foundry client by running the following commands:

cf ssh <appname> -c “cat staging_info.yml”

Look for similar lines:

{“detected_buildpack”:“Liberty for Java™ (WAR, liberty-xxx, v4.0-20230421-1536, xxx, env)“,”start_command”:“.liberty/initial_startup.rb”}

To re-stage your application using the command-line Cloud Foundry client, use the following command:

cf restage <appname>

To re-push your application using the command-line Cloud Foundry client, use the following command:

cf push <appname>

Workarounds and Mitigations

None