IBM0EB149242AF86C92359FD2819FE5CA2FA94AAA9A6E3A7381956968DD540CEF70Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Summary
httpd is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
Vulnerability Details
CVEID: CVE-2017-9798
DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2017-12171
DESCRIPTION: A regression error in Red Hat Enterprise Linux 6.9 within Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the improper parsing of comments in the “Allow” and “Deny” configuration lines. An attacker could exploit this vulnerability to bypass security restrictions and allow any client to gain access to restricted HTTP resource.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133645 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2017-9788
DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by the failure to properly initialize memory used to process ‘‘Digest’’ type HTTP Authorization headers by the mod_auth_digest component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a segmentation fault.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128482 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
CVEID: CVE-2017-7679
DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a specially crafted Content-Type response header, a remote attacker could exploit this vulnerability to read one byte past the end of a buffer.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127420 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2017-3169
DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by a NULL pointer dereference in mod_ssl. By sending a specially crafted HTTP request to an HTTPS port, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127417 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-3167
DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the use of the ap_get_basic_auth_pw() function by third-party modules outside of the authentication phase. A remote attacker could exploit this vulnerability to bypass authentication requirements.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127416 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2017-7668
DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by a buffer overread in the ap_find_token() function. By sending a specially crafted sequence of request headers, a remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127419 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
Version
|
CVE list
—|—
Power HMC V8.8.4.0
| CVE-2017-9798, CVE-2017-9788, CVE-2017-7679, CVE-2017-3169, CVE-2017-3167, CVE-2017-12171
Power HMC V8.8.5.0
| CVE-2017-9798, CVE-2017-9788, CVE-2017-7679, CVE-2017-3169, CVE-2017-3167, CVE-2017-12171
Power HMC V8.8.6.0
| CVE-2017-9798, CVE-2017-9788, CVE-2017-7679, CVE-2017-3169, CVE-2017-3167, CVE-2017-7668
Power HMC V8.8.7.0
| CVE-2017-9798, CVE-2017-9788, CVE-2017-7679, CVE-2017-3169, CVE-2017-3167, CVE-2017-7668
Remediation/Fixes
The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>
Product
|
VRMF
|
APAR
|
Remediation/Fix
—|—|—|—
Power HMC
|
V8.8.4.0 SP3
|
MB04104
|
Power HMC
|
V8.8.5.0 SP3
|
MB04105
|
Power HMC
|
V8.8.6.0 SP2
|
MB04118
|
Power HMC
|
V8.8.7.1 ppc
|
MB04114
|
Power HMC
|
V8.8.7.1 x86
|
MB04113
|
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| power system hardware management console physical appliance | eq | any |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%