7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.064 Low
EPSS
Percentile
93.7%
There is a vulnerability in Open Source Apache Tomcat that is used by IBM FlashSystem 840 which allows remote attackers to cause a denial of service under certain scenarios.
CVE-ID: CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by missing limitations on request body size. By sending a specially crafted request to the server, an attacker could keep a connection open and force Tomcat to keep a processing thread allocated to the connection.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102131> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
FlashSystem 840, MTMs 9840-AE1 and 9843-AE1 at code level 1.1.3.7 and earlier are affected.
You should verify applying this fix does not cause any compatibility issues.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
840 MTM: | |||
9840-AE1 & 9843-AE1 | A code fix is now available, the VRMF of this code level is 1.1.3.8 (or later) | N/A | |
No work arounds or mitigations, other than applying this code fix, are known for this vulnerability |
1.1.3.8 is available @ IBM’s Fix Central**:**840 fixes, download 1.1.3.8 or later
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm flashsystem 900 | eq | any |