Security Bulletin: Security vulnerability in Apache HTTP affects IBM SmartCloud Entry (CVE-2017-9798)


## Summary IBM SmartCloud Entry has addressed the vulnerability in Apache HTTP. Following are the vulnerability details. ## Vulnerability Details **CVEID:** [_CVE-2017-9798_](<https://vulners.com/cve/CVE-2017-9798>)** DESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. CVSS Base Score: 7.5 CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) ## Affected Products and Versions IBM Smart Cloud Entry 2.4, 3.1, and 3.2 ## Remediation/Fixes **Product** | **VRMF**| **APAR**| **Remediation/First Fix** ---|---|---|--- IBM SmartCloud Entry| 3.2| None| Contact [IBM Support.](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) IBM SmartCloud Entry| 3.1| None IBM SmartCloud Entry| 2.4| None For all IBM Smart Cloud Entry releases, refer to information about the replacement program as per withdrawal announcement ENUS914-189. For information about the latest release of IBM Cloud Manager for Openstack, please see** **[**http://www-01.ibm.com/support/docview.wss?uid=isg400003605**](<http://www-01.ibm.com/support/docview.wss?uid=isg400003605>)[](<http://www-01.ibm.com/support/docview.wss?uid=isg400003360>) ## Workarounds and Mitigations None ##

Affected Software

CPE Name Name Version
ibm cloud manager with openstack 2.4
ibm cloud manager with openstack 3.1
ibm cloud manager with openstack 3.2