Multiple vulnerabilities in IBM SAN Volume Controller and Storwize Family
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2013-4286 CVE-2013-4322 CVE-2014-0075 CVE-2014-0099 CVE-2013-4332 |
| CWE-ID | CWE-20 CWE-190 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM SAN Volume Controller Hardware solutions / Other hardware appliances IBM Storwize V7000 Hardware solutions / Other hardware appliances IBM Storwize V5000 Hardware solutions / Other hardware appliances IBM Storwize V3700 Hardware solutions / Other hardware appliances IBM Storwize V3500 Hardware solutions / Other hardware appliances |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU64542
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4286
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a request-smuggling attack.
The vulnerability exists due to HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers. A remote attacker can trigger incorrect identification of a request's length and conduct request-smuggling attacks via multiple Content-Length headers or a Content-Length header and a "Transfer-Encoding: chunked" header.
This vulnerability exists because of an incomplete fix for CVE-2005-2090.
Install update from vendor's website.
Vulnerable software versionsIBM SAN Volume Controller: before 7.2.0.8
IBM Storwize V7000: before 7.2.0.8
IBM Storwize V5000: before 7.2.0.8
IBM Storwize V3700: before 7.2.0.8
IBM Storwize V3500: before 7.2.0.8
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_san_volume_controller:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/865974
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU64543
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4322
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Apache Tomcat processes chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field. A remote attacker can cause a denial of service by streaming data.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM SAN Volume Controller: before 7.2.0.8
IBM Storwize V7000: before 7.2.0.8
IBM Storwize V5000: before 7.2.0.8
IBM Storwize V3700: before 7.2.0.8
IBM Storwize V3500: before 7.2.0.8
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_san_volume_controller:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/865974
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU64548
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-0075
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat. A remote attacker can cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM SAN Volume Controller: before 7.2.0.8
IBM Storwize V7000: before 7.2.0.8
IBM Storwize V5000: before 7.2.0.8
IBM Storwize V3700: before 7.2.0.8
IBM Storwize V3500: before 7.2.0.8
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_san_volume_controller:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/865974
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Integer overflow
EUVDB-ID: #VU64554
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-0099
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a HTTP request smuggling attack.
The vulnerability exists due to integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat when operated behind a reverse proxy. A remote attacker can conduct HTTP request smuggling attack via a crafted Content-Length HTTP header.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM SAN Volume Controller: before 7.2.0.8
IBM Storwize V7000: before 7.2.0.8
IBM Storwize V5000: before 7.2.0.8
IBM Storwize V3700: before 7.2.0.8
IBM Storwize V3500: before 7.2.0.8
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_san_volume_controller:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/865974
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource exhaustion
EUVDB-ID: #VU82081
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4332
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM SAN Volume Controller: before 7.2.0.8
IBM Storwize V7000: before 7.2.0.8
IBM Storwize V5000: before 7.2.0.8
IBM Storwize V3700: before 7.2.0.8
IBM Storwize V3500: before 7.2.0.8
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_san_volume_controller:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/865974
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
