A vulnerability in the Apache Commons FileUpload component (versions before 1.5) shipped with Rational Change may affect the security of the product.
CVEID: CVE-2023-24998
**DESCRIPTION:** Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts processed by the file upload function. By sending a specially crafted request with a series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
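The control missing in the description above is a cap on the number of parts in one multipart request. The following Python sketch is an added example, not IBM or Apache code: it counts parts in a streamed `multipart/form-data` body and aborts as soon as a cap is exceeded, before any part is parsed or stored. The names `count_parts`, `TooManyParts`, `max_parts` and `sample_body` are hypothetical, and the sample body is constructed.

```python
import re

class TooManyParts(Exception):
    """The body holds more parts than the configured cap."""

def boundary_from_content_type(content_type):
    """Extract the multipart boundary from a Content-Type header value."""
    m = re.search(r'boundary=(?:"([^"]+)"|([^;\s]+))', content_type, re.I)
    if not content_type.lower().startswith("multipart/form-data") or not m:
        raise ValueError("not a multipart/form-data request")
    return (m.group(1) or m.group(2)).encode("ascii")

def count_parts(chunks, boundary, max_parts):
    """Count parts in a streamed body, raising as soon as max_parts is exceeded."""
    delim = b"\r\n--" + boundary
    buf = b"\r\n"  # lets the first delimiter match at the very start of the body
    parts = 0
    for chunk in chunks:
        buf += chunk
        while True:
            i = buf.find(delim)
            if i < 0:
                buf = buf[-(len(delim) - 1):]  # keep a delimiter split across chunks
                break
            end = i + len(delim)
            if len(buf) < end + 2:
                buf = buf[i:]  # need two more bytes to classify this match
                break
            tail, buf = buf[end:end + 2], buf[end:]
            if tail == b"--":  # closing delimiter: body is complete
                return parts
            if tail == b"\r\n":  # a new part starts (padding whitespace not handled)
                parts += 1
                if parts > max_parts:
                    raise TooManyParts(f"more than {max_parts} parts")
    return parts

def sample_body(n, boundary):
    """Constructed sample: n small form fields, not captured traffic."""
    part = b'--%s\r\nContent-Disposition: form-data; name="f%d"\r\n\r\nv\r\n'
    return b"".join(part % (boundary, k) for k in range(n)) + b"--%s--\r\n" % boundary

if __name__ == "__main__":
    b = boundary_from_content_type('multipart/form-data; boundary="demo"')
    body = sample_body(3, b)
    print(count_parts((body[i:i + 7] for i in range(0, len(body), 7)), b, 10))
```

Because the buffer is trimmed to the delimiter length between matches, memory use stays constant regardless of how many parts the request carries.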
Affected Product(s) | Version(s) |
---|---|
Rational Change | 5.3.2.5 |
Product | VRFM | APAR | Remediation/Fix |
---|---|---|---|
Rational Change | 5.3.2.6 | None. | Upgrade to Rational Change 5.3.2.6 supporting Apache Commons FileUpload 1.5 from IBM Passport Advantage and apply it. |
NOTE:
Download the Rational Change 5.3.2.6 installation image by referring to the installation platform and its part number in the following list:
None.
CPE | Name | Operator | Version |
---|---|---|---|
rational change | eq | 5.3.2.5 |