Lucene search

K
ibmIBM41DB1D251DBEF71BB81BDE744D4016A1BA69B68254C65190690B3ED20B6E43CC
HistoryNov 22, 2022 - 3:44 p.m.

Security Bulletin: IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)

2022-11-2215:44:34
www.ibm.com
101
ibm http server
denial of service
libexpat
vulnerability
fix pack
system z
security bulletin

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.005

Percentile

76.9%

Summary

IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to denial of service due to libexpat. This has been addressed.

Vulnerability Details

**CVEID:**CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a use-after free created by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238951 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2013-0340 DESCRIPTION: expat is vulnerable to a denial of service, caused by the improper handling of internal entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/132738 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

**CVEID:**CVE-2017-9233 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a XML External Entity vulnerability in the parser. By using a specially-crafted XML file, a remote attacker could exploit this vulnerability to cause an infinite loop.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/129459 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM HTTP Server 9.0
IBM HTTP Server 8.5
IBM HTTP Server 8.0
IBM HTTP Server 7.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains APAR PH50316.

For IBM HTTP Server used by IBM WebSphere Application Server:

For V9.0.0.0 through 9.0.5.14:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH50316
--OR–
· Apply Fix Pack 9.0.5.15 or later (targeted availability 2Q2023).

For V8.5.0.0 through 8.5.5.22:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH50316
--OR–
· Apply Fix Pack 8.5.5.23 or later (targeted availability 1Q2023).

For V8.0.0.0 through 8.0.0.15:
· Upgrade to 8.0.0.15 and then apply Interim Fix PH50316

For V7.0.0.0 through 7.0.0.45:
· Upgrade to 7.0.0.45 and then apply Interim Fix PH50316

Additional interim fixes may be available and linked off the interim fix download page.

IBM HTTP Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Important Note

IBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and
integrity service. If you are not subscribed, see the instructions on the System z Security web site. Security and integrity APARs and associated fixes will
be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential
risk.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmhttp_serverMatch7.0
OR
ibmhttp_serverMatch8.0
OR
ibmhttp_serverMatch8.5
OR
ibmhttp_serverMatch9.0
VendorProductVersionCPE
ibmhttp_server7.0cpe:2.3:a:ibm:http_server:7.0:*:*:*:*:*:*:*
ibmhttp_server8.0cpe:2.3:a:ibm:http_server:8.0:*:*:*:*:*:*:*
ibmhttp_server8.5cpe:2.3:a:ibm:http_server:8.5:*:*:*:*:*:*:*
ibmhttp_server9.0cpe:2.3:a:ibm:http_server:9.0:*:*:*:*:*:*:*

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.005

Percentile

76.9%