7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Security vulnerabilities have been discovered in Tomcat, XalanJ and the IBM JRE that were reported in late May, 2014.
CVE-ID: CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92023> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic.
CVSS:
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93586> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVE-ID: CVE-2014-0075 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-0095 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93366> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-0096 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-ID: CVE-2014-0099 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-ID: CVE-2014-0119 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information.
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-ID: CVE-2014-0878 DESCRIPTION: A vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers potentially allows an attacker to predict the output of the random number generator under certain circumstances. Please refer to the Workarounds & Mitigation section below for additional information.
CVSS:
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91084> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVE-ID: CVE-2014-0460 DESCRIPTION: An unspecified vulnerability related to the JNDI component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS:
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92482> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
The recommended solution is to apply the fix for versions listed as soon as practical.
None known.
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P