Lucene search

K
ibmIBM4A91EBA290B30504A8EF2EE87060FA1D3D5EF2F7A2869B4D9ACCE1C477DA4795
HistoryFeb 27, 2020 - 10:34 a.m.

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

2020-02-2710:34:31
www.ibm.com
8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

Summary

IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server.

Vulnerability Details

CVEID:CVE-2018-20843
**DESCRIPTION:**libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available CPU resources.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security SiteProtector System 3.1.1
IBM Security SiteProtector System 3.0.0

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM Security SiteProtector System 3.1.1

Apply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view:

UpdateServer_3_1_1_14.pkg
IBM Security SiteProtector System| 3.0.0|

Apply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view:

UpdateServer_3_1_1_14.pkg

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security siteprotector systemeqany

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C