
Security Bulletin: Vulnerabilities in Apache Tomcat, Apache Commons FileUpload and Apache Axis might affect IBM Storage Copy Data Management

Summary

IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Tomcat, Apache Commons FileUpload, and Apache Axis. A remote attacker could exploit these vulnerabilities to cause a denial of service condition; to obtain a session cookie, sensitive information and Http11Processor instance information and use this information to launch further attacks against the affected system; to conduct XSS attacks; to conduct SSRF attacks; to redirect a victim to arbitrary web sites using a specially crafted URL; to continue to use the socket after it has been closed; to cause the application to enter an infinite loop; and to obtain sensitive information leaking from the current request/response to the next, as described by the CVEs in the "Vulnerability Details" section.

Vulnerability Details

**CVEID:** CVE-2023-24998
**DESCRIPTION:** Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially crafted request with a series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/247895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2023-28708
**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the…
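As an added illustration (not code from IBM or from the bulletin), a servlet-side upload handler that bounds the number of multipart parts per request, the unlimited processing of which is the weakness behind CVE-2023-24998 above. It assumes Commons FileUpload 1.5 or later (which added setFileCountMax) and the javax.servlet API; the limit values are chosen for the example, not taken from the bulletin.

```java
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

/**
 * Multipart parsing with explicit limits on part count and body size.
 * Assumption: Commons FileUpload 1.5+, where setFileCountMax() exists.
 * The numeric limits below are illustrative values for this example.
 */
public final class BoundedUploadHandler {

    private static final long MAX_PARTS = 20;                      // example value
    private static final long MAX_FILE_BYTES = 5L * 1024 * 1024;   // example value
    private static final long MAX_REQUEST_BYTES = 50L * 1024 * 1024; // example value

    private BoundedUploadHandler() {}

    /** Builds a parser that rejects requests exceeding the configured limits. */
    static ServletFileUpload boundedParser() {
        ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory());
        // Cap the number of parts: versions affected by CVE-2023-24998 processed
        // an unbounded number of parts, which is what enabled the denial of service.
        upload.setFileCountMax(MAX_PARTS);
        upload.setFileSizeMax(MAX_FILE_BYTES);    // cap on each individual part
        upload.setSizeMax(MAX_REQUEST_BYTES);     // cap on the whole multipart body
        return upload;
    }

    /**
     * Parses the request, returning null when any limit is exceeded so the
     * caller can answer with an error (for example HTTP 413) instead of
     * continuing to process the oversized request.
     */
    public static List<FileItem> parse(HttpServletRequest request) {
        if (!ServletFileUpload.isMultipartContent(request)) {
            return Collections.emptyList();
        }
        try {
            return boundedParser().parseRequest(request);
        } catch (FileUploadException e) {
            // Raised for the part-count, per-part-size and request-size limits alike.
            return null;
        }
    }
}
```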
