Main Vulnerability Database SB2014042113

SB2014042113 - Infinite loop in SAN Volume Controller and Storwize Family

Published: April 21, 2014 Updated: July 17, 2023

Security Bulletin ID SB2014042113

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Infinite loop (CVE-ID: CVE-2014-0050)

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to boundary error when handling Content-Type HTTP header for multipart requests. By sending a specially crafted Content-Type header, containing 4092 characters in "boundary" field, a remote attacker can cause the application to enter into an infinite loop.

Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/865996