Lucene search

IBM81F7B33FAB336C72236067D97D8A0E7917F21E1BA4D58BE87D553645875F0F4D

HistoryFeb 09, 2024 - 9:07 a.m.

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-40167].

2024-02-0909:07:00

www.ibm.com

jetty-http

vulnerability

ibm cloud pak for data system 1.0

cve-2023-40167

upgrade

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

Summary

The jetty-http package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2023-40167].

Vulnerability Details

CVEID:CVE-2023-40167
**DESCRIPTION:**Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted request, a remote attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Cloud Pak for Data System	1.0.0.0- 1.0.8.3

Remediation/Fixes

IBM recommends addressing the vulnerability now by upgrading to latest version.

Product	VRMF	Remediation/First Fix
IBM Cloud Pak for Data System 1.0	1.0.8.4	Link to Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcloud_pak_for_dataMatch1.0

CPENameOperatorVersion
ibm cloud pak for data systemeq1.0

CPE	Name	Operator	Version
	ibm cloud pak for data system	eq	1.0

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for 81F7B33FAB336C72236067D97D8A0E7917F21E1BA4D58BE87D553645875F0F4D