There is a Denial of Service (DoS) vulnerability in Apache Commons FileUpload. I want to know how intra-mart products are addressing it.

A Denial of Service (DoS) vulnerability in Apache Commons FileUpload has been published.

In response to the content published on the above website, we have released the appropriate patches.

Target versions are announced as follows:
Apache Commons FileUpload 1.3 to 1.3.1
Apache Commons FileUpload 1.2 to 1.2.2

The iWP/iAP versions correspond to Commons FileUpload versions as follows. (However, the correspondence may partly vary depending on whether a patch has been applied.)
iAP 8.0.x -> Commons-Fileupload 1.2/1.2.2
iWP 7.2 -> Commons-Fileupload 1.2/1.2.2
iWP 7.1 -> Commons-Fileupload 1.2
iWP 7.0 -> Commons-Fileupload 1.2
iWP 6.1 -> Commons-Fileupload 1.1.1
iWP 6.0 -> Commons-Fileupload 1.0
We verified that the vulnerability is reproducible on iAP and on iWP 6.1 to 7.2, and that it is not reproducible in earlier versions.
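
An inventory check for the version list above, added here as an example (not intra-mart's or Apache's code): it walks a deployment directory, reads each Commons FileUpload jar's version from its manifest or file name, and compares it with the announced ranges. The directory to scan and the upstream jar naming (commons-fileupload-<version>.jar) are assumptions.

```python
import re
import zipfile
from pathlib import Path

# Affected ranges as announced on this page (inclusive): 1.2-1.2.2 and 1.3-1.3.1.
AFFECTED = [((1, 2, 0), (1, 2, 2)), ((1, 3, 0), (1, 3, 1))]
# Assumption: jars keep the upstream name commons-fileupload-<version>.jar.
JAR_NAME = re.compile(r"commons-fileupload-(\d+(?:\.\d+)*)", re.I)
MANIFEST_VER = re.compile(r"^Implementation-Version:\s*(\d+(?:\.\d+)*)", re.M)
# Caveat: a patched jar may keep its version string, and this page reports
# reproduction on iWP 6.1 (listed with 1.1.1), so treat the status as an
# inventory hint, not as proof of exposure or of safety.


def to_tuple(version):
    """'1.2' -> (1, 2, 0), so that 1.2 and 1.2.0 compare equal."""
    parts = [int(p) for p in version.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def manifest_version(jar_path):
    """Version from META-INF/MANIFEST.MF, or None if unreadable or absent."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return None
    match = MANIFEST_VER.search(text)
    return match.group(1) if match else None


def classify(version):
    if version is None:
        return "unknown"
    v = to_tuple(version)
    hit = any(lo <= v <= hi for lo, hi in AFFECTED)
    return "announced-affected" if hit else "outside-announced-range"


def scan(root):
    """Return [(relative path, version, status)] for FileUpload jars under root."""
    findings = []
    for jar in sorted(Path(root).rglob("*.jar")):
        name = JAR_NAME.search(jar.name)
        if not name:
            continue
        # Prefer the manifest over the file name when both are available.
        version = manifest_version(jar) or name.group(1)
        findings.append((jar.relative_to(root).as_posix(), version, classify(version)))
    return findings
```

Call scan() on the application server's deployment directory and review every entry marked announced-affected against the patch status of that installation.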

○When using intra-mart Accel Platform products
The relevant patch can be downloaded with IM-Juggling.
For details, refer to “Patching modules” in the intra-mart Accel Platform Setup Guide.
The requirement is published at the following URL.

○When using intra-mart WebPlatform/AppFramework products
Appropriate patches can be downloaded from the following URLs.
iWP 7.2: (Japanese)
iWP 7.1: (Japanese)
iWP 7.0: (Japanese)
iWP 6.1: (Japanese)

○Workaround other than patch application
Until a patch is applied, the following workaround can mitigate the effects of this vulnerability.

・Limiting the size of the HTTP request header.

-- Target ------------------------------------------------------------------------
iWP/Web System Construction Platform/WebPlatform/AppFramework
iAP/Accel Platform/All Updates
