5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Previous releases of IBM UrbanCode Release are affected by vulnerabilities in Apache Tomcat that may allow remote attackers to influence the availability of the server or obtain sensitive information.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE-ID: CVE-2014-0075
Description: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-0095
Description: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93366> for more information *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-0096
Description: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for more information *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-ID: CVE-2014-0099
Description: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-ID: CVE-2014-0119
Description: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information.
CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for more information *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
IBM UrbanCode Release v6.0, v6.0.0.1, v6.0.1, v6.0.1.1, v6.0.1.2, v6.0.1.3, v6.0.1.4, and v6.1 on all supported platforms.
For affected version 6.1 of IBM UrbanCode Release, upgrade to IBM UrbanCode Release version 6.1.0.1 or later. For all versions of 6.0 install IBM UrbanCode Release version 6.0.1.4.ifix01
None