[WID-SEC-2023-0433] Apache Commons and Apache Tomcat: Vulnerability allows Denial of Service

CVSS Base Score: 7.5 (high)
CVSS Temporal Score: 6.5 (medium)
Remote attack: yes
Date: 20.02.2023
Last updated: 27.03.2026
Mitigation: yes

Affected systems
Operating system: Linux, Other, UNIX, Windows

Product description
Apache Commons is an Apache project that covers all aspects of reusable Java components. Apache Tomcat is a web application server for various platforms.

Products
UPDATE 29.10.2025: NetApp ActiveIQ Unified Manager
UPDATE 17.09.2024: IBM Rational Asset Manager 7.5.4.15
UPDATE 07.01.2024: IBM Security Verify Access 10.0.0.0-10.0.6.1
UPDATE 20.12.2023: IBM Business Automation Workflow
UPDATE 29.11.2023: Extreme Networks Extreme Management Center
UPDATE 07.11.2023: Red Hat Enterprise Linux
UPDATE 31.10.2023: IBM Rational Build Forge <8.0.0.24
UPDATE 10.10.2023: Debian Linux
UPDATE 10.09.2023: IBM Tivoli Monitoring 6.3.0.7
UPDATE 04.09.2023: Red Hat JBoss Web Server <5.7.4
UPDATE 31.07.2023: IBM Rational Change <5.3.2.6
UPDATE 17.07.2023: Hitachi Command Suite; Hitachi Ops Center; Hitachi Configuration Manager
UPDATE 06.07.2023: IBM QRadar SIEM 7.5; IBM Power Hardware Management Console DS8000
UPDATE 04.07.2023: Dell NetWorker <19.9.0.1
UPDATE 28.06.2023: IBM MQ; IBM MQ appliance
UPDATE 22.06.2023: IBM Integration Bus
UPDATE 21.06.2023: IBM Operational Decision Manager 8.10.x; IBM Operational Decision Manager 8.11.x
UPDATE 20.06.2023: IBM Spectrum Protect plus 10.1
UPDATE 14.06.2023: IBM Rational ClearCase
UPDATE 04.06.2023: IBM Business Automation Workflow traditional; Extreme Networks Extreme Management Center
UPDATE 01.06.2023: F5 BIG-IP
UPDATE 30.05.2023: IBM Security Identity Manager
UPDATE 29.05.2023: Gentoo Linux
UPDATE 07.05.2023: IBM TXSeries 9.1; IBM TXSeries 8.2; IBM TXSeries 8.1
UPDATE 04.05.2023: Amazon Linux 2
UPDATE 01.05.2023: IBM Business Automation Workflow; IBM Tivoli Business Service Manager <6.2.0.5
UPDATE 23.04.2023: IBM Power Hardware Management Console V10
UPDATE 19.04.2023: IBM WebSphere Service Registry and Repository 8.5; IBM Security Access Manager for Enterprise Single Sign-On 8.2.1; IBM Security Access Manager for Enterprise Single Sign-On 8.2.2
UPDATE 13.04.2023: IBM Business Automation Workflow 21.0.2; IBM Business Automation Workflow 21.0.3; IBM Business Automation Workflow 22.0.1; IBM Business Automation Workflow 18.0.0.0; IBM Business Automation Workflow 18.0.0.1; IBM Business Automation Workflow 18.0.0.2; IBM Business Automation Workflow 19.0.0.1; IBM Business Automation Workflow 19.0.0.2; IBM Business Automation Workflow 19.0.0.3; IBM Business Automation Workflow 20.0.0.1; IBM Business Automation Workflow 20.0.0.2; IBM Business Automation Workflow 21.0.3.1; IBM Business Automation Workflow 22.0.2
UPDATE 12.04.2023: IBM Tivoli Netcool/OMNIbus 8.1.0
UPDATE 11.04.2023: IBM Operational Decision Manager 8.10; IBM Operational Decision Manager 8.11
UPDATE 10.04.2023: IBM WebSphere Application Server 8.5; IBM WebSphere Application Server 9.0; IBM WebSphere Application Server 17.0.0.3-23.0.0.3
UPDATE 20.03.2023: IBM Tivoli Netcool/OMNIbus <8.1.0 FP30
UPDATE 12.03.2023: SUSE Linux
20.02.2023: Apache Tomcat; Apache Commons FileUpload <1.5

Attack
A remote, anonymous attacker can exploit a vulnerability in Apache Commons and Apache Tomcat to carry out a denial-of-service attack.

A high-severity Denial of Service vulnerability (CVSS Base Score 7.5) exists in Apache Commons and Apache Tomcat, exploitable via a remote attack vector. The article lists a wide range of affected products and systems, including numerous IBM, Red Hat, Debian, and F5 offerings, but does not specify the exact vulnerable version ranges for the core Apache components or the patched versions. Mitigation is noted as available, though specific patch versions or workarounds are not detailed in the provided text.