CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.956 High
Percentile: 99.4%
Security vulnerabilities have been discovered in the Apache web server component bundled with IBM Security Network Intrusion Prevention System.
CVE-ID: CVE-2013-6438
**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by an error in the mod_dav module when tracking the length of CDATA that includes removing white space. By sending a specially-crafted DAV WRITE request, a remote attacker could exploit this vulnerability to cause the service to stop responding.
The attack does not require local network access or authentication, but some specialized knowledge and techniques are required. An exploit would not affect the integrity of data or confidentiality of information, but it could impact the availability of the system.
Affected Versions: Apache HTTP Server before 2.4.8
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90878 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-0098
**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by an error in the mod_log_config module when logging a cookie with an unassigned value. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the service to crash.
The attack does not require local network access, authentication, or specialized knowledge and techniques. An exploit would not affect the integrity of data or confidentiality of information, but it could impact the availability of the system.
Affected Versions: Apache HTTP Server before 2.4.8
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/91879 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-0226
**DESCRIPTION:** Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by a race condition in the mod_status module when handling the scoreboard. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
The attack does not require local network access, authentication, or specialized knowledge and techniques. An exploit could affect the integrity of data, confidentiality of information, and the availability of the system.
Affected Versions: Apache HTTP Server before 2.4.10
CVSS:
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94678 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-ID: CVE-2014-0231
**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by an error in the mod_cgid module. By sending specially-crafted requests, an attacker could exploit this vulnerability to cause child processes to hang.
The attack does not require local network access, authentication, or specialized knowledge and techniques. An exploit would not affect the integrity of data or confidentiality of information, but it could impact the availability of the system.
Affected Versions: Apache HTTP Server before 2.4.10
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94674 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
**Products:** GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions: 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3
The following IBM Threat Fixpacks have the fixes for these vulnerabilities:
None