Jun 16, 2018 - 9:20 p.m.

Security Bulletin: Apache denial of service vulnerability in QRadar (CVE-2014-0118)

2018-06-16 21:20:30
www.ibm.com

CVSS2: 4.3 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Summary

Open source Apache HTTP Server is vulnerable to a denial of service, caused by an error in the mod_deflate module as used in IBM QRadar 7.1 MR2 and IBM QRadar 7.2.3.

Vulnerability Details

CVE-ID: CVE-2014-0118

DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an error in the mod_deflate module. By sending specially-crafted requests, an attacker could exploit this vulnerability to exhaust all available CPU and memory resources.

CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94675 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

  • IBM QRadar 7.1 MR2 Patch 7 or lower
  • IBM QRadar 7.2.3 Patch 3 or lower

Remediation/Fixes

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Product           Remediation/First Fix
QRadar 7.1 MR2    QRadar 7.1 MR2 Patch 8
QRadar 7.2.3      QRadar 7.2.3 Patch 4

Workarounds and Mitigations

None
