7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.9%
Denial of service vulnerability in mod_dav module of Apache HTTP Server affects Cloud Pak System.
CVEID:CVE-2006-20001
**DESCRIPTION:**Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in mod_dav. By sending a specially crafted If: request header, an attacker could exploit this vulnerability to cause the process to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244883 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak System | 2.3.3.0 - 2.3.3.5 (Intel) |
IBM Cloud Pak System Software Suite | 2.3.3.0 - 2.3.3.5 (Intel) |
IBM Cloud Pak System | 2.3 |
Please refer to section below for mitigation.
if you are using mod_dav module, make sure to disable mod_dav and restart httpd.
In order to disable WebDav module , follow the action steps below
- Change Directory to httpd.conf, which located in the (Apache Home)/conf directory
- Edit the web_dav.so. module
- Comment out the following lines:
_ ## LoadModule dav_module modules/mod_dav.so
##LoadModule dav_fs_module modules/mod_dav_fs.so_
- Save Changes
- Restart Apache Service , run the commands
On Windows:
Apache2
On Linux:
/etc/init.d/httpd restart
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak system software | eq | 2.3 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.9%