A patch has been released for the Apache Commons FileUpload and Apache Tomcat vulnerability described in the alert published at the following URL.
https://www.jpcert.or.jp/english/at/2014/at140007.html
(CVE-2014-0050)
Details are as follows:
Although the release states that versions 1.0 to 1.3 are affected, we confirmed that the vulnerability is reproduced only in versions 1.2.2 to 1.3 and does not occur in earlier versions.
iWP/iAP versions correspond to Commons FileUpload versions as follows (the correspondence may vary depending on which patches have been applied):
iAP 8.0.x -> Commons-Fileupload 1.2 / 1.2.2
iWP 7.2 -> Commons-Fileupload 1.2.2 / 1.2
iWP 7.1 -> Commons-Fileupload 1.2
iWP 7.0 -> Commons-Fileupload 1.2
iWP 6.1 -> Commons-Fileupload 1.1.1
iWP 6.0 -> Commons-Fileupload 1.0
iAP: https://issue.intra-mart.jp/issues/4370
* The Commons-Fileupload 1.2.2 to which this patch applies is in 2013 Winter (8.0.6) only.
iWP: http://newsupport.intra-mart.jp/patch/download/patch_info.php?patch_cd=1173 (Japanese)
* The Commons-FileUpload 1.2.2 to which this patch applies is in WebPlatform/AppFramework 7.2 Patch06 or later.
* Replace the JAR only when commons-fileupload-1.2.2.jar is in use. Replacing it in an environment that uses commons-fileupload-1.2.jar causes a malfunction.
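A pre-flight check for the replacement step above, as an added example that is not intra-mart's own tooling: it finds commons-fileupload JARs under a directory and labels each one by the version ranges this page gives. The function names and verdict labels are assumptions for illustration, and the version is read from the file name only.

```shell
#!/bin/sh
# Added example (not vendor code): label Commons FileUpload JARs by the
# version ranges stated on this page before replacing anything.

# classify_version VERSION -> replace | review | keep | unknown
# (verdict labels are illustrative names chosen for this example)
classify_version() {
    case "$1" in
        1.2.2)
            # Vulnerability reproduced; the patch replaces this JAR.
            echo replace ;;
        1.3)
            # Vulnerability reproduced, but the replacement JAR on this
            # page is for 1.2.2 only, so handle it separately.
            echo review ;;
        1.0|1.1|1.1.1|1.2|1.2.1)
            # Not reproduced in these versions per the page; replacing
            # commons-fileupload-1.2.jar causes a malfunction.
            echo keep ;;
        *)
            # Outside the range the page discusses.
            echo unknown ;;
    esac
}

# scan_jars DIR -> one line per JAR: "<verdict> <version> <path>"
# Assumes the JAR keeps its standard name commons-fileupload-<version>.jar.
scan_jars() {
    find "$1" -type f -name 'commons-fileupload-*.jar' | sort |
    while IFS= read -r jar; do
        base=${jar##*/}
        ver=${base#commons-fileupload-}
        ver=${ver%.jar}
        printf '%s %s %s\n' "$(classify_version "$ver")" "$ver" "$jar"
    done
}

# Run as: sh check_fileupload.sh /path/to/deployment
if [ "$#" -gt 0 ]; then
    scan_jars "$1"
fi
```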
-- Target ------------------------------------------------------------------------
iWP/Web System Construction Platform/WebPlatform/AppFramework
iAP/Accel Platform/2013 Winter
--------------------------------------------------------------------------------
FAQID:710