Jun 17, 2018 - 5:03 a.m.

Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2014-0230)

2018-06-17 05:03:08
www.ibm.com

CVSS2: 7.8 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Summary

The Apache Tomcat server used in Rational Test Control Panel is vulnerable to a denial of service attack.

Vulnerability Details

CVE ID: CVE-2014-0230

Description: Apache Tomcat is vulnerable to a denial of service, caused by an error when uploading files. An attacker could exploit this vulnerability to consume all available memory resources.

CVSS Base Score: 5.000

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102131> for the current score

CVSS Environmental Score: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server versions:

  • 8.0.0.x
  • 8.0.1.x
  • 8.5.0.x

Remediation/Fixes

The fixes for the CVE(s) mentioned above have been incorporated into the 7.0.62 release of Apache Tomcat, and included in a set of new fixpacks available from IBM.

Upgrade your installation as follows:

Visit IBM Fix Central to search for, download and apply the following fixpacks for your version of the product:

  • All 8.0.0.x -> 8.0.0.5
  • All 8.0.1.x -> 8.0.1.6
  • All 8.5.0.x -> 8.5.0.4

Workarounds and Mitigations

None
