Security Bulletin: Denial of Service attack possible on Cúram instances using Apache Commons FileUpload (CVE-2014-0050)

Jul 02, 2018 - 12:08 p.m. (2018-07-02 12:08:36)
www.ibm.com
CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

A version of Apache Commons FileUpload shipped with Cúram is vulnerable to a denial of service attack.

Vulnerability Details

CVEID: CVE-2014-0050
DESCRIPTION: Apache Commons FileUpload is vulnerable to a denial of service, caused by the improper handling of the Content-Type HTTP header for multipart requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to enter an infinite loop.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90987 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
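
The failure mode described above is a multipart parser driven into a non-terminating loop by a hostile Content-Type header. Besides applying the fixes listed below, a front-end filter can refuse malformed multipart headers before the upload library ever sees them. The following Python example is added here and is not code from IBM, Cúram or Apache Commons FileUpload; it makes no claim about the exact code path inside FileUpload. It relies only on RFC 2046's 70-character limit on boundary values; the function names (`parse_multipart_content_type`, `scan_for_delimiter`, `triage`), the sample header values and the buffer size are hypothetical and constructed for illustration.

```python
import re

# RFC 2046, section 5.1.1: a boundary is 1 to 70 characters from the "bchars"
# set and must not end with a space. Longer or malformed values are never
# legitimate and can be refused before any multipart parsing starts.
MAX_BOUNDARY_LEN = 70
BCHARS_RE = re.compile(r"^[0-9A-Za-z'()+_,\-./:=? ]+$")


def parse_multipart_content_type(header_value):
    """Validate a Content-Type header value; return (accept, reason, boundary)."""
    if header_value is None:
        return False, "missing Content-Type", None
    parts = [p.strip() for p in header_value.split(";")]
    media_type = parts[0].lower()
    if not media_type.startswith("multipart/"):
        # Not a multipart body: this check does not apply.
        return True, "not multipart", None
    boundary = None
    for param in parts[1:]:
        if "=" not in param:
            continue
        name, value = param.split("=", 1)
        if name.strip().lower() == "boundary":
            value = value.strip()
            if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
                value = value[1:-1]  # quoted-string form of the parameter
            boundary = value
    if not boundary:
        return False, "multipart request without a boundary parameter", None
    if len(boundary) > MAX_BOUNDARY_LEN:
        return False, "boundary longer than %d characters" % MAX_BOUNDARY_LEN, boundary
    if boundary.endswith(" ") or not BCHARS_RE.match(boundary):
        return False, "boundary contains characters outside RFC 2046 bchars", boundary
    return True, "ok", boundary


def scan_for_delimiter(body, boundary, buffer_size=4096):
    """Locate the first delimiter line in ``body`` using a fixed-size window.

    Illustrates the invariant a streaming multipart parser needs (hypothetical
    code, not FileUpload's own): the delimiter must fit in the window, and every
    iteration must advance, so a hostile header cannot make the loop spin forever.
    """
    delimiter = b"\r\n--" + boundary.encode("ascii")
    if len(delimiter) + 2 > buffer_size:
        raise ValueError("delimiter does not fit in the parse buffer")
    pos = 0
    while pos < len(body):
        window = body[pos:pos + buffer_size]
        hit = window.find(delimiter)
        if hit != -1:
            return pos + hit
        # Keep a tail so a delimiter straddling two windows is still found,
        # but always advance by at least one byte.
        pos += max(1, len(window) - len(delimiter) + 1)
    return -1


# Constructed sample header values (not captured traffic): a normal browser
# upload, an oversized boundary, a multipart type with no boundary, and a
# non-multipart request.
SAMPLE_HEADERS = [
    "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
    "multipart/form-data; boundary=" + "A" * 4200,
    "multipart/form-data",
    "application/json",
]


def triage(headers):
    """Return (index, reason) for each header value that should be rejected."""
    rejected = []
    for i, value in enumerate(headers):
        accept, reason, _ = parse_multipart_content_type(value)
        if not accept:
            rejected.append((i, reason))
    return rejected


if __name__ == "__main__":
    for i, reason in triage(SAMPLE_HEADERS):
        print("reject request %d: %s" % (i, reason))
    print(scan_for_delimiter(b"preamble\r\n--abc\r\nfield", "abc", buffer_size=12))
```

Rejecting on the header alone is cheap and makes a useful log signal: a boundary that is absent, thousands of characters long, or full of control characters is never produced by a real browser or HTTP client, so every hit is worth a look even after the library is patched.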

Affected Products and Versions

Cúram Social Program Management

All products are affected when running code releases 4.5 SP10, 5.0, 5.2, 5.2 SP1, 5.2 SP4, 5.2 SP4 DE, 5.2 SP5, 5.2 SP6, 6.0 SP2, 6.0.3.0, 6.0.4.0, 6.0.4.3, 6.0.4.4, 6.0.4.5, 6.0.5.2, 6.0.5.3, 6.0.5.4.

Remediation/Fixes

Product | VRMF | Remediation/First Fix
---|---|---
Cúram SPM | 4.5 SP10 | Visit IBM Fix Central and upgrade to EP2
Cúram CWC | 4.5.1 | Visit IBM Fix Central and upgrade to EP2
Cúram SPM | 5.0 | Visit IBM Fix Central and upgrade to EP17
Cúram SPM | 5.2 | Visit IBM Fix Central and upgrade to EP3
Cúram SPM | 5.2 SP1 | Visit IBM Fix Central and upgrade to EP17
Cúram SPM | 5.2 SP4 | Visit IBM Fix Central and upgrade to EP24
Cúram SPM | 5.2 SP4 DE | Visit IBM Fix Central and upgrade to EP11
Cúram SPM | 5.2 SP5 | Visit IBM Fix Central and upgrade to EP4
Cúram SPM | 5.2 SP6 | Visit IBM Fix Central and upgrade to EP5
Cúram SPM | 6.0 SP2 | Visit IBM Fix Central and upgrade to EP25
Cúram SPM | 6.0.3.0 | Visit IBM Fix Central and upgrade to iFix 8
Cúram SPM | 6.0.4.0 | Visit IBM Fix Central and upgrade to iFix 13
Cúram SPM | 6.0.4.3 | Visit IBM Fix Central and upgrade to iFix 9
Cúram SPM | 6.0.4.4 | Visit IBM Fix Central and upgrade to iFix 7
Cúram SPM | 6.0.4.5 | Visit IBM Fix Central and upgrade to iFix 5
Cúram SPM | 6.0.5.2 | Visit IBM Fix Central and upgrade to iFix 9
Cúram SPM | 6.0.5.3 | Visit IBM Fix Central and upgrade to iFix 8
Cúram SPM | 6.0.5.4 | Visit IBM Fix Central and upgrade to iFix 2

Workarounds and Mitigations

None
