CVSS2 Base Score: 5 (Medium)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

This security bulletin is a notice of security vulnerabilities in IBM Runtime Environment, Java Technology Edition and Apache Tomcat server which impact IBM Rational Directory Server 5.2.x, 5.1.1.x and Rational Directory Administrator 6.x.
CVE-ID: CVE-2014-4263
**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
**CVSS Base Score:** 4
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score
**CVSS Environmental Score:** Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVE-ID: CVE-2014-0075
**Description:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chunked request. A remote attacker could exploit this vulnerability to cause a denial of service.
**CVSS Base Score:** 5
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information
**CVSS Environmental Score:** Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-0096
**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
**CVSS Base Score:** 4.3
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for more information
**CVSS Environmental Score:** Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-ID: CVE-2014-0099
**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
**CVSS Base Score:** 5
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information
**CVSS Environmental Score:** Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-ID: CVE-2014-0119
**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information.
**CVSS Base Score:** 5
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for more information
**CVSS Environmental Score:** Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
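
CVE-2014-0075 (malformed chunk size) and CVE-2014-0099 (no overflow check when parsing content length headers) both concern a numeric length field read from the request. The Java sketch below is an added example, not code from Tomcat or IBM: it sets an unchecked digit accumulation beside a parse that rejects malformed and overflowing fields. The class and method names are hypothetical and the sample values are constructed.

```java
import java.nio.charset.StandardCharsets;

// Added illustration, not Tomcat or IBM code; all names are hypothetical.
public class StrictLengthParser {

    // Unchecked digit accumulation: a long wraps silently on overflow,
    // so an oversized field can come back as a small or negative number.
    static long parseUnchecked(byte[] field, int radix) {
        long value = 0;
        for (byte b : field) {
            value = value * radix + Character.digit((char) (b & 0xFF), radix);
        }
        return value;
    }

    // Checked parse of an unsigned length field: radix 10 for Content-Length,
    // radix 16 for the digits of a chunk-size line (chunk extensions already
    // stripped by the caller). Returns -1 when the request should be rejected.
    static long parseLength(byte[] field, int radix) {
        if (field.length == 0) {
            return -1;
        }
        long value = 0;
        for (byte b : field) {
            // For bytes 0-255 Character.digit accepts only ASCII 0-9, a-z, A-Z.
            int digit = Character.digit((char) (b & 0xFF), radix);
            if (digit < 0) {
                return -1; // sign, whitespace or any other non-digit byte
            }
            // Test before multiplying so value * radix + digit cannot wrap.
            if (value > (Long.MAX_VALUE - digit) / radix) {
                return -1; // does not fit in a signed 64-bit long
            }
            value = value * radix + digit;
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed sample fields: {text, radix}.
        String[][] samples = {{"1024", "10"}, {"9223372036854775807", "10"},
            {"18446744073709551620", "10"}, {"-5", "10"}, {"", "10"},
            {"1f4", "16"}, {"10000000000000000", "16"}, {"1g", "16"}};
        for (String[] s : samples) {
            byte[] raw = s[0].getBytes(StandardCharsets.ISO_8859_1);
            int radix = Integer.parseInt(s[1]);
            System.out.printf("%-22s radix=%-2d unchecked=%d checked=%d%n", s[0],
                    radix, parseUnchecked(raw, radix), parseLength(raw, radix));
        }
    }
}
```
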
Product | Version |
---|---|
Rational Directory Server (Tivoli) | 5.2 - 5.2.1_iFix003 |
Rational Directory Server (Apache) | 5.1.1 - 5.1.1.2_iFix004 |
Rational Directory Administrator | 6.0 and 6.0.0.1 |

Upgrade to one of the following releases:
Product | Download link |
---|---|
IBM Rational Directory Server 5.2 (Tivoli) | RDS 5.2.1 iFix004 |
IBM Rational Directory Server 5.1.1 (Apache) | RDS 5.1.1.2 iFix005 |
IBM Rational Directory Administrator 6.0 or 6.0.0.1 | RDA 6.0.0.1 iFix001 |
None