Lucene search

K
ibmIBM5884DF21D2631288857964D02AB2E95DADC0120A45CB43A9A58C601F4CFD0A83
HistoryFeb 02, 2023 - 5:40 p.m.

Security Bulletin: IBM Aspera Orchestrator was vulnerable to denial of service due to an Apache HTTP Server vulnerability (CVE-2021-34798)

2023-02-0217:40:12
www.ibm.com
21
ibm aspera orchestrator
vulnerability
denial of service
cve-2021-34798
apache http server
fix
linux

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.6

Confidence

High

EPSS

0.009

Percentile

82.8%

Summary

The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1.

Vulnerability Details

**CVEID:**CVE-2021-34798 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference in httpd core. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209518 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Aspera Orchestrator 4.0.0 and earlier

Remediation/Fixes

It is recommended to apply the fix as soon as possible, see link below.

Product(s) Version Platform Link to Fix
IBM Aspera Orchestrator 4.0.1 Linux click here

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmaspera_orchestratorMatch4.0.0
OR
ibmaspera_orchestratorMatch4.0.1
VendorProductVersionCPE
ibmaspera_orchestrator4.0.0cpe:2.3:a:ibm:aspera_orchestrator:4.0.0:*:*:*:*:*:*:*
ibmaspera_orchestrator4.0.1cpe:2.3:a:ibm:aspera_orchestrator:4.0.1:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.6

Confidence

High

EPSS

0.009

Percentile

82.8%