History: Jun 18, 2018 - 12:08 a.m.

Security Bulletin: The IBM V840 product model number AE1 node is affected by vulnerabilities in Apache Tomcat

2018-06-18 00:08:27
www.ibm.com

5.8 Medium (CVSS2)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

Summary

Security vulnerabilities have been discovered in Apache Tomcat

Vulnerability Details

**CVE-ID:** CVE-2013-4286, CVE-2013-4322, & CVE-2014-0033

**DESCRIPTION:** FlashSystem V840-AE1 uses Apache Tomcat.

FlashSystem V840-AE1 runs an Apache Tomcat web server which enables the system's browser-based administrative GUI. The version of Tomcat that runs in product code levels prior to 1.1.2.0 has the following vulnerabilities:

CVE-2013-4286 (Apache Tomcat HTTP request smuggling)

Apache Tomcat is vulnerable to HTTP request smuggling, caused by an incomplete fix related to the handling of malicious requests. By sending a specially crafted request carrying both a Transfer-Encoding: chunked header and a Content-Length header to the Apache HTTP server, which reassembles it using the original Content-Length header value, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.

CVSS v2 Base Score: 5.8
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/91426>
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE-2013-4322 (Apache Tomcat chunked transfer coding denial of service)

Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix related to the processing of chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value. A remote attacker could exploit this vulnerability to cause a denial of service.

CVSS v2 Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/91625>
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
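The two Tomcat issues above share a root cause: lenient HTTP/1.1 message framing. The following Python module is an added illustration (not IBM or Apache code) of the strict framing rules a defensive parser, WAF or log-analysis job applies against both conditions: a request that carries both Transfer-Encoding: chunked and Content-Length is rejected outright instead of being reassembled (the CVE-2013-4286 ambiguity), and chunked bodies are decoded under hard caps on the total decoded size and on the length of every chunk-size and trailer line (the CVE-2013-4322 resource-exhaustion condition). The sample requests, the host name `v840.example` and the two limit constants are constructed for the example.

```python
"""Strict HTTP/1.1 request framing checks (added example, not vendor code)."""
import re

MAX_BODY_BYTES = 8192        # constructed cap on the total decoded chunked body
MAX_CHUNK_LINE_BYTES = 128   # constructed cap on a chunk-size or trailer line


class FramingError(ValueError):
    """Raised when a request violates the framing rules."""


def parse_headers(raw: bytes):
    """Split a raw request into (request_line, headers, body); header names are lower-cased."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("no end of headers")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise FramingError("malformed header line")
        key = name.strip().lower().decode("ascii")
        # Repeated headers are comma-joined (RFC 7230); a joined Content-Length then fails validation.
        headers[key] = (headers[key] + ", " if key in headers else "") + value.strip().decode("ascii")
    return lines[0].decode("ascii"), headers, body


def check_framing(headers) -> str:
    """Decide how the body is delimited and reject ambiguous combinations."""
    te = headers.get("transfer-encoding")
    cl = headers.get("content-length")
    if te is not None and cl is not None:
        # RFC 7230 section 3.3.3: both headers together is a smuggling hazard; refuse it.
        raise FramingError("both Transfer-Encoding and Content-Length present")
    if te is not None:
        if te.lower() != "chunked":
            raise FramingError("unsupported transfer coding")
        return "chunked"
    if cl is not None:
        if not re.fullmatch(r"[0-9]+", cl):
            raise FramingError("invalid Content-Length")
        return "content-length"
    return "none"


def decode_chunked(body: bytes) -> bytes:
    """Decode a chunked body, enforcing limits on total size and on each chunk/trailer line."""
    out = bytearray()
    pos = 0
    while True:
        end = body.find(b"\r\n", pos)
        if end < 0:
            raise FramingError("truncated chunk-size line")
        line = body[pos:end]
        if len(line) > MAX_CHUNK_LINE_BYTES:
            # Over-long size lines (e.g. padded with whitespace or extensions) are refused.
            raise FramingError("chunk-size line too long")
        size_field = line.split(b";", 1)[0].strip()
        if not re.fullmatch(rb"[0-9A-Fa-f]+", size_field):
            raise FramingError("invalid chunk size")
        size = int(size_field, 16)
        pos = end + 2
        if size == 0:
            # Last chunk: skip optional trailer lines up to the terminating empty line.
            while True:
                end = body.find(b"\r\n", pos)
                if end < 0:
                    raise FramingError("truncated trailer")
                if end == pos:
                    break
                if end - pos > MAX_CHUNK_LINE_BYTES:
                    raise FramingError("trailer line too long")
                pos = end + 2
            break
        if len(out) + size > MAX_BODY_BYTES:
            # Total decoded size is bounded before any chunk data is copied.
            raise FramingError("chunked body exceeds limit")
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise FramingError("truncated chunk data")
        out += chunk
        pos += size + 2
    return bytes(out)


def parse_request(raw: bytes):
    """Return (request_line, headers, decoded_body) or raise FramingError."""
    request_line, headers, body = parse_headers(raw)
    mode = check_framing(headers)
    if mode == "chunked":
        return request_line, headers, decode_chunked(body)
    if mode == "content-length":
        n = int(headers["content-length"])
        if len(body) < n:
            raise FramingError("body shorter than Content-Length")
        return request_line, headers, body[:n]
    return request_line, headers, b""


def classify(raw: bytes) -> str:
    """Return 'ok' or the framing error message, e.g. for an alerting pipeline."""
    try:
        parse_request(raw)
        return "ok"
    except FramingError as exc:
        return str(exc)


# Constructed sample requests (not taken from the bulletin).
GOOD_CHUNKED = (b"POST /gui HTTP/1.1\r\nHost: v840.example\r\nTransfer-Encoding: chunked\r\n\r\n"
                b"5\r\nhello\r\n0\r\n\r\n")
AMBIGUOUS = (b"POST /gui HTTP/1.1\r\nHost: v840.example\r\nContent-Length: 5\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
OVERSIZED = (b"POST /gui HTTP/1.1\r\nHost: v840.example\r\nTransfer-Encoding: chunked\r\n\r\n"
             + (b"1000\r\n" + b"A" * 0x1000 + b"\r\n") * 3 + b"0\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("good", GOOD_CHUNKED), ("ambiguous", AMBIGUOUS), ("oversized", OVERSIZED)):
        print(name, "->", classify(req))
```

Rejecting the Transfer-Encoding/Content-Length combination, rather than picking one header, is the choice that removes the disagreement between front-end and back-end parsers on which smuggling depends; the body-size cap is checked before chunk data is copied so an oversized stream costs nothing but the header bytes already read.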

CVE-2014-0033 (Apache Tomcat disableURLRewriting session hijacking)

Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by an error that persists even when disableURLRewriting is enabled. By persuading a victim to visit a specially crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system.

CVSS v2 Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/91423>
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
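The CVE-2014-0033 scenario is classic session fixation: a session identifier the attacker already knows is delivered to the victim inside a link and is still honoured after login. The following Python snippet is an added illustration (not Tomcat or IBM code) of the two container-independent controls that defeat it: a session id arriving as a `;jsessionid=` path parameter is stripped and never used, and authentication always discards the pre-login session and issues a freshly generated id. The `SessionStore` class, the `simulate_fixation_attempt` walk-through and the constructed identifier `ATTACKERKNOWNID` are assumptions of this example.

```python
"""Session-fixation defence (added example, not Tomcat or IBM code)."""
import re
import secrets

# Matches the ';jsessionid=...' path parameter Tomcat uses for URL rewriting.
_JSESSIONID_PATH = re.compile(r";jsessionid=[^;/?#]*", re.IGNORECASE)


def strip_url_session_id(uri: str) -> str:
    """Remove ';jsessionid=...' path parameters so a URL-borne id can never be used."""
    return _JSESSIONID_PATH.sub("", uri)


class SessionStore:
    """Minimal in-memory session store keyed by server-generated ids only."""

    def __init__(self):
        self._sessions = {}  # session id -> dict of attributes

    def lookup(self, cookie_sid):
        """Resolve a session from the cookie value only; unknown ids are never auto-created."""
        return self._sessions.get(cookie_sid) if cookie_sid else None

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {}
        return sid

    def login(self, cookie_sid, username: str) -> str:
        """Authenticate: drop the pre-login session and migrate its state to a brand-new id."""
        old = self._sessions.pop(cookie_sid, None) if cookie_sid else None
        new_sid = self.create()
        self._sessions[new_sid].update(old or {})
        self._sessions[new_sid]["user"] = username
        return new_sid


def simulate_fixation_attempt(store: SessionStore) -> dict:
    """Walk the bulletin's scenario and report what the attacker-known id is worth afterwards."""
    attacker_known = "ATTACKERKNOWNID"  # constructed value embedded in the crafted link
    uri = strip_url_session_id("/gui/login;jsessionid=" + attacker_known + "?next=/home")
    # The victim arrives with no cookie; the URL id was stripped, so nothing resolves.
    pre_login = store.lookup(None)
    victim_sid = store.login(None, "admin")
    return {
        "uri": uri,
        "pre_login_session": pre_login,
        "attacker_can_resume": store.lookup(attacker_known) is not None,
        "victim_session_user": store.lookup(victim_sid)["user"],
        "ids_differ": victim_sid != attacker_known,
    }


if __name__ == "__main__":
    print(simulate_fixation_attempt(SessionStore()))
```

Regenerating the id at login is the control that makes the fix robust regardless of how the id reached the victim (URL, cookie injection or otherwise), which is why it is recommended even on a patched container.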

Affected Products and Versions

_FlashSystem V840 including machine type models (all available code levels)_
9846-AE1 & 9848-AE1

Remediation/Fixes

| Products | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| 9846-AE1, 9848-AE1 | A code fix is now available, the VRMF of this code level is 1.1.2.2 | N/A | No workarounds or mitigations, other than applying this code fix, are known for this Apache Tomcat vulnerability |

Workarounds and Mitigations

None known

| CPE Name | Operator | Version |
|---|---|---|
| ibm flashsystem software | eq | any |
