7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
There is a vulnerability in Open Source Apache Tomcat that is used by the IBM FlashSystem 900 which allows remote attackers to cause a denial of service under certain scenarios.
CVE-ID: CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by missing limitations on request body size. By sending a specially crafted request to the server, an attacker could keep a connection open and force Tomcat to keep a processing thread allocated to the connection.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102131 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)** **
IBM FlashSystem 900 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE2 and 9843-AE2.
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
FlashSystem
**900 MTMs: **
9840-AE2 &
9843-AE2| A code fix is now available, the VRMF of this code level is 1.2.1.7 (or later)| N/A
| No work arounds or mitigations, other than applying this code fix, are known for this vulnerability
1.2.1.7 is available @ IBM’s Fix Central**:**900 fixes, download 1.2.1.7 or later
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm flashsystem 900 | eq | any |