SB2025011572 - Multiple vulnerabilities in IBM Tivoli Business Service Manager

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2013-2186)

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to insufficient validation of user-supplied input when processing file names with a NULL byte within the DiskFileItem class. A remote attacker can upload a specially crafted file with a NULL byte in its name and overwrite arbitrary files on the system.

2) Resource exhaustion (CVE-ID: CVE-2016-3092)

The vulnerability allows a remote attacker to cause denial of service conditions on the target system.

The vulnerability exists due to input validation error when processing very long boundary strings within the MultipartStream class in Apache Commons Fileupload. A remote user can cause denial of service conditions by sending specially crafted boundary string and consume excessive CPU resources.

Successful exploitation of this vulnerability may result in denial of service attack.

3) Infinite loop (CVE-ID: CVE-2014-0050)

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to boundary error when handling Content-Type HTTP header for multipart requests. By sending a specially crafted Content-Type header, containing 4092 characters in "boundary" field, a remote attacker can cause the application to enter into an infinite loop.

Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-commons-fileupload-affects-ibm-tivoli-business-service-manager-cve-2013-2186-cve-2013-0248-cve-2016-3092-cve-2014-0050-220723/