Mar 31, 2023 - 4:41 p.m.

Security Bulletin: Vulnerability in Apache HTTP Server affects Cloud Pak System (CVE-2006-20001)

2023-03-31 16:41:42
www.ibm.com

CVSS3: 7.5 High

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium

- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low (Percentile: 46.9%)

Summary

Denial of service vulnerability in mod_dav module of Apache HTTP Server affects Cloud Pak System.

Vulnerability Details

**CVEID:** CVE-2006-20001
**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in mod_dav. By sending a specially crafted If: request header, an attacker could exploit this vulnerability to cause the process to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/244883 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Cloud Pak System | 2.3.3.0 - 2.3.3.5 (Intel) |
| IBM Cloud Pak System Software Suite | 2.3.3.0 - 2.3.3.5 (Intel) |
| IBM Cloud Pak System | 2.3 |

Remediation/Fixes

Please refer to the section below for mitigation.

Workarounds and Mitigations

If you are using the mod_dav module, make sure to disable mod_dav and restart httpd.

To disable the WebDAV module, follow the steps below:

- Change to the (Apache Home)/conf directory, which contains httpd.conf

- Edit the web_dav.so module

- Comment out the following lines:
  ## LoadModule dav_module modules/mod_dav.so
  ##LoadModule dav_fs_module modules/mod_dav_fs.so

- Save the changes

- Restart the Apache service by running the following commands:

On Windows:
Apache2

On Linux:
/etc/init.d/httpd restart
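
The workaround steps above can be audited and applied with a short script. This is an added example, not part of the IBM bulletin: the function names and the sample configuration are constructed, and it assumes a POSIX shell with `grep -E` and `sed -E`.

```shell
#!/bin/sh
# Added example, not IBM's code. Function names and the sample config are constructed.
# Assumes the conventional "LoadModule" spelling used in stock httpd.conf files.

DAV_LOAD='LoadModule[[:space:]]+dav(_fs)?_module[[:space:]]'

# List active (uncommented) LoadModule lines for dav_module / dav_fs_module.
# Exit status 0 if any are found, 1 if none.
dav_active_lines() {
    grep -nE "^[[:space:]]*$DAV_LOAD" "$1"
}

# List active Dav* directives (Dav, DavLockDB, ...). With the modules unloaded,
# httpd refuses to start on these unless they sit inside <IfModule>.
dav_directives() {
    grep -niE '^[[:space:]]*Dav[a-z]*[[:space:]]' "$1"
}

# Comment out the two LoadModule lines, keeping the original as <file>.bak.
# Returns 0 if the file was changed, 1 if nothing needed changing.
disable_dav() {
    dav_active_lines "$1" >/dev/null || return 1
    cp -p "$1" "$1.bak" || return 2
    sed -E "s/^([[:space:]]*)($DAV_LOAD)/\1## \2/" "$1.bak" > "$1"
}

# Constructed sample fragment: one plain line, one indented, one already
# commented out, one unrelated module, and a leftover Dav directive.
write_sample_conf() {
    cat > "$1" <<'EOF'
LoadModule dir_module modules/mod_dir.so
LoadModule dav_module modules/mod_dav.so
  LoadModule dav_fs_module modules/mod_dav_fs.so
## LoadModule dav_module modules/mod_dav.so
<Location /uploads>
    Dav On
</Location>
EOF
}

# Demo run on the constructed fragment.
demo=$(mktemp) && write_sample_conf "$demo"
disable_dav "$demo" && cat "$demo"
dav_directives "$demo" && echo "remove or guard the Dav directives above before restarting"
rm -f "$demo" "$demo.bak"
```

Validating the edited file with `apachectl configtest` (or `httpd -t`) before the restart catches leftover Dav directives that would stop httpd from starting.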

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
| | ibm cloud pak system software | eq | 2.3 |
