Lucene search

K
ibmIBMFCCA253DA026335321275A4751ABE62FAF35F14D4CFC0CE453CC4BB7935E4430
HistoryFeb 18, 2023 - 1:45 a.m.

Security Bulletin: A Vulnerability in Apache Tomcat affects the IBM FlashSystem models 840 and 900

2023-02-1801:45:50
www.ibm.com
11

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.8%

Summary

There is a vulnerability in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of this vulnerability (CVE-2017-6056) could allow a remote attacker to wage a denial of service attack.

Vulnerability Details

CVEID: CVE-2017-6056 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a programming error in the servlet and JSP engine. A remote attacker could exploit this vulnerability to cause the server to enter into an infinite loop.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122312 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

FlashSystem 840 machine type and models (MTMs) affected include 9840-AE1 and 9843-AE1.

FlashSystem 900 MTMs affected include 9840-AE2 and 9843-AE2.

Code versions affected include supported VRMFs:
· 1.4.0.0 – 1.4.2.0
· 1.3.0.0 – 1.3.0.5

Remediation/Fixes

MTMs

| VRMF| APAR| Remediation/First Fix
—|—|—|—
FlashSystem****840 MTM:
9840-AE1 &
9843-AE1

FlashSystem 900 MTMs:
9840-AE2 &
9843-AE2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream:

___ Fixed code VRMF .__
_1.4 stream: 1.4.3.0 _
1.3 stream: 1.3.0.6| _ N/A| FlashSystem 840 fixes****and FlashSystem 900 fixes****are available @ IBM’s Fix Central _

Workarounds and Mitigations

None

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.8%

Related for FCCA253DA026335321275A4751ABE62FAF35F14D4CFC0CE453CC4BB7935E4430