Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM40AF05CBD3BBA604933F6C61D164EE39373BD16E9C951A8CF9EE0D2970B196AB
HistoryNov 07, 2021 - 5:55 a.m.

Security Bulletin: Multiple Apache Commons FileUpload vulnerabilities affects IBM Tivoli Business Service Manager (CVE-2014-0034, CVE-2014-0050, CVE-2013-2186, CVE-2016-3092)

2021-11-0705:55:47
www.ibm.com
15

0.191 Low

EPSS

Percentile

96.3%

JSON

Summary

A vulnerability has been identified in the Apache Commons FileUpload shipped with IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Apache Commons FileUpload has been published in a security bulletin.

Vulnerability Details

CVEID:CVE-2014-0034
**DESCRIPTION:**Apache CXF could allow a remote attacker to bypass security restrictions, caused by the improper handling of invalid SAML tokens by the SecurityTokenService. An attacker could exploit this vulnerability using a specially-crafted token to bypass the authentication process and gain unauthorized access to the system.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/94337 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID:CVE-2014-0050
**DESCRIPTION:**Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/90987 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2013-2186
**DESCRIPTION:**Apache commons-fileupload could allow a remote attacker to overwrite arbitrary files on the system, caused by a NULL byte in the implementation of the DiskFileItem class. By sending a serialized instance of the DiskFileItem class, an attacker could exploit this vulnerability to write or overwrite arbitrary files on the system.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/88133 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVEID:CVE-2016-3092
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/114336 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Business Service Manager 6.2.0

Remediation/Fixes

Product VRMF APAR Remediation
IBM Tivoli Business Service Manager 6.2.0 6.2.0.3 IF IJ32982 Upgrade to Upgrade to IBM Tivoli Business Service Manager 6.2.0.3 IF2

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli business service managereq6.2.0

Related

ibm 68
gentoo 1
nessus 29
suse 1
openvas 23
f5 5
osv 4
checkpoint_advisories 2
veracode 4
nvd 3
fedora 8
cve 3
prion 3
redhat 8
github 2
cvelist 3
debian 8
ubuntucve 2
debiancve 3
ubuntu 2
securityvulns 2
tomcat 3
myhack58 1
atlassian 4
freebsd 2
amazon 1
mageia 2
exploitpack 1
seebug 1
ibm
ibm
Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)
2022-09-26 05:34:17
Security Bulletin: QRadar SIEM contains vulnerable components and libraries. (CVE-2014-0050, CVE-2016-3092)
2018-06-16 22:06:30
Security Bulletin: Multiple Vulnerabilities in Apache Commons Affect IBM Sterling B2B Integrator (CVE-2016-3092, CVE-2014-0050, CVE-2013-0248)
2020-02-05 00:53:36
gentoo
gentoo
Apache Commons FileUpload: Multiple vulnerabilities
2021-07-17 00:00:00
nessus
nessus
GLSA-202107-39 : Apache Commons FileUpload: Multiple vulnerabilities
2022-01-24 00:00:00
Debian DSA-2827-1 : libcommons-fileupload-java - arbitrary file upload via deserialization
2013-12-24 00:00:00
RHEL 5 / 6 : JBoss Web Server (RHSA-2013:1428)
2014-11-08 00:00:00
suse
suse
Security update for jakarta-commons-fileupload (important)
2013-11-12 19:04:18
openvas
openvas
Debian Security Advisory DSA 2827-1 (libcommons-fileupload-java - arbitrary file upload via deserialization)
2013-12-24 00:00:00
Ubuntu: Security Advisory (USN-2029-1)
2013-11-18 00:00:00
Fedora Update for cxf-xjc-utils FEDORA-2015-4726
2015-07-07 00:00:00
f5
f5
K63443590 : Apache Commons FileUpload vulnerability CVE-2013-2186
2016-01-21 00:00:00
SOL63443590 - Apache Commons FileUpload vulnerability CVE-2013-2186
2016-01-21 00:00:00
K82392041 : Apache Commons FileUpload vulnerability CVE-2016-3092
2016-07-19 00:00:00
osv
osv
Arbitrary file write in Apache Commons Fileupload
2022-05-14 03:52:43
Improper Input Validation in Apache CXF
2022-05-13 01:09:20
libcommons-fileupload-java - security update
2016-06-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization (CVE-2013-2186)
2016-08-14 00:00:00
Apache Commons FileUpload Denial Of Service (CVE-2016-3092)
2016-07-31 00:00:00
veracode
veracode
Arbitrary File Write With Null Byte In File Name
2019-01-15 09:00:40
Authentication Bypass In The SecurityTokenService
2019-01-15 08:54:53
Denial Of Service (DoS)
2019-01-15 09:13:41
nvd
nvd
CVE-2013-2186
2013-10-28 21:55:05
CVE-2014-0034
2014-07-07 14:55:03
CVE-2016-3092
2016-07-04 22:59:04
fedora
fedora
[SECURITY] Fedora 22 Update: cxf-xjc-utils-2.6.2-1.fc22
2015-04-21 18:56:45
[SECURITY] Fedora 22 Update: jboss-connector-1.6-api-1.0.1-1.fc22
2015-04-21 18:56:45
[SECURITY] Fedora 22 Update: cxf-2.7.11-1.fc22
2015-04-21 18:56:45
cve
cve
CVE-2014-0034
2014-07-07 14:55:03
CVE-2013-2186
2013-10-28 21:55:05
CVE-2016-3092
2016-07-04 22:59:04
prion
prion
Design/Logic Flaw
2013-10-28 21:55:00
Code injection
2014-07-07 14:55:00
Design/Logic Flaw
2016-07-04 22:59:00
redhat
redhat
(RHSA-2013:1442) Important: commons-fileupload security update
2013-10-17 17:17:19
(RHSA-2013:1428) Important: jakarta-commons-fileupload security update
2013-10-15 00:00:00
(RHSA-2013:1429) Important: jakarta-commons-fileupload security update
2013-10-15 18:30:11
github
github
Arbitrary file write in Apache Commons Fileupload
2022-05-14 03:52:43
Improper Input Validation in Apache CXF
2022-05-13 01:09:20
cvelist
cvelist
CVE-2013-2186
2013-10-28 21:00:00
CVE-2014-0034
2014-07-07 14:00:00
CVE-2016-3092
2016-07-04 22:00:00
debian
debian
[SECURITY] [DSA 2827-1] libcommons-fileupload-java security update
2013-12-24 05:38:15
[SECURITY] [DSA 2827-1] libcommons-fileupload-java security update
2013-12-24 05:38:15
[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update
2016-06-30 08:44:01
ubuntucve
ubuntucve
CVE-2013-2186
2013-10-28 00:00:00
CVE-2016-3092
2016-06-23 00:00:00
debiancve
debiancve
CVE-2013-2186
2013-10-28 21:55:05
CVE-2016-3092
2016-07-04 22:59:04
CVE-2014-0050
2014-04-01 06:27:51
ubuntu
ubuntu
Apache Commons FileUpload vulnerability
2013-11-13 00:00:00
Tomcat vulnerability
2016-07-06 00:00:00
securityvulns
securityvulns
[USN-2029-1] Apache Commons FileUpload vulnerability
2013-12-09 00:00:00
[SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
2014-03-31 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 9.0.0.M8
2016-06-13 00:00:00
Fixed in Apache Tomcat 8.5.3 and 8.0.36
2016-06-13 00:00:00
Fixed in Apache Tomcat 7.0.70
2016-06-20 00:00:00
myhack58
myhack58
Apache Commons Fileupload 1.3.1 DOS(CVE-2016-3092)-vulnerability warning-the black bar safety net
2017-06-15 00:00:00
atlassian
atlassian
Upgrade Tomcat to 8.0.36 or later
2016-07-14 14:22:05
Upgrade commons-fileupload to version >= 1.3.2
2016-07-20 08:22:15
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
freebsd
freebsd
Apache Commons FileUpload -- denial of service
2016-06-21 00:00:00
Apache Commons FileUpload -- denial of service (DoS) vulnerability
2016-06-20 00:00:00
amazon
amazon
Medium: tomcat7, tomcat8
2016-08-17 13:30:00
mageia
mageia
Updated tomcat/apache-commons-fileupload packages fix security vulnerability
2016-07-27 00:16:28
Updated apache-commons-fileupload package fixes CVE-2014-0050
2014-02-28 22:57:52
exploitpack
exploitpack
Apache Commons FileUpload and Apache Tomcat - Denial of Service
2014-02-12 00:00:00
seebug
seebug
Apache Commons FileUpload/Apache Tomcat拒绝服务漏洞
2014-02-13 00:00:00

0.191 Low

EPSS

Percentile

96.3%

JSON
Related for 40AF05CBD3BBA604933F6C61D164EE39373BD16E9C951A8CF9EE0D2970B196AB
ibm68gentoo1nessus29suse1openvas23f55osv4checkpoint_advisories2veracode4nvd3fedora8cve3prion3redhat8github2cvelist3debian8ubuntucve2debiancve3ubuntu2securityvulns2tomcat3myhack581atlassian4freebsd2amazon1mageia2exploitpack1seebug1