Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearQuest

Summary

IBM HTTP Server is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability (CVE-2014-0963) affecting IBM HTTP Server has been published in a security bulletin.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

• Follow this link for more information (requires login with your IBM ID)
  —|—

Review security bulletin 1672843 for IBM HTTP Server for vulnerability details.

Affected Products and Versions

IBM Rational ClearQuest CM Server/CQWeb server component.

Versions affected: 7.0.0.x, 7.0.1.x, 7.1.1.x, 7.1.2.x, 8.0.0.x, 8.0.1.x.

Other parts of IBM Rational ClearQuest are not affected.

Remediation/Fixes

Update your CM Server/CQWeb server system to a newer version of IBM HTTP Server.
Apply the fixes listed in the security bulletin referenced above.

Affected Versions

|

Applying the fix

—|—
7.0.x| Document 1295608 explains how to update IBM HTTP Server in the RWP component of ClearQuest. Consult those instructions when applying the fix.
7.1.0.x, 7.1.1.x, and 7.1.2.x| Document 1390803 explains how to update IBM HTTP Server for ClearQuest CM Servers at release 7.1.x. Consult those instructions when applying the fix.
8.0.0.x, 8.0.1.x| Apply the IBM HTTP Server fix directly to your CMServer/CQWeb server host. No ClearQuest-specific steps are necessary.

Workarounds and Mitigations

None