IBM Algo Audit and Compliance Apache Tomcat Chunked Request Handling Vulnerability


Description   IBM has acknowledged a vulnerability in IBM Algo Audit and Compliance, which can be exploited by malicious people to bypass certain security restrictions.
For more information:
SA62768
The vulnerability is reported in version 2.1.0.
     
Vulnerable Products   Vulnerable Software:
IBM Algo Audit and Compliance 2.x
     
Solution   Apply 2.1.0.2 interim fix 4.
     
CVE   CVE-2014-0227
     
References   http://www.ibm.com/support/docview.wss?uid=swg21698437
http://www.ibm.com/support/docview.wss?uid=swg24038958
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
HTTP Request Smuggling : HTTP command found in header | 3.2.0
HTTP Request Smuggling : Content-Length and Transfer-Encoding: chunked fields in header | 3.2.0
HTTP Request Smuggling : suspicious syntax using HTTP keyword | 3.2.0
HTTP Request Smuggling : multiple Content-Length fields | 3.2.0
     

Risk level   Low

Vulnerability First Public Report Date   2015-03-11

Target Type   Server

Possible exploit   Remote