Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in IBM Http server

Summary

IBM API Connect has addressed the following vulnerabilities.

Vulnerability Details

CVEID:CVE-2017-7679
**DESCRIPTION:**Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a specially crafted Content-Type response header, a remote attacker could exploit this vulnerability to read one byte past the end of a buffer.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/127420 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2017-9798
**DESCRIPTION:**Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/132159 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2017-12618
**DESCRIPTION:*Apache Portable Runtime Utility (APR-util)is vulnerable to a denial of service, caused by failing to validate the integrity of SDBM database files used by apr_sdbm() functions. By making a specially-crafted program or process, a local authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/134048 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2017-12613
**DESCRIPTION:*Apache Portable Runtime APR could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds array dereference in apr_time_exp() functions. By using an invalid month field value, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/134049 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2017-15710
**DESCRIPTION:**Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds memory write error. By sending a specially crafted Accept-Language header value, an attacker could exploit this vulnerability to cause the service to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140858 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2017-15715
**DESCRIPTION:**Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the < FilesMatch > expression matching '$' to a newline character in a malicious filename instead of the end of the filename. By matching the trailing portion of the filename, an attacker could exploit to bypass security controls that use the < FilesMatch > directive.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140857 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2018-1301
**DESCRIPTION:**Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds access error after a header size limit has been reached reading the HTTP header. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to cause the service to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140852 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-0211
**DESCRIPTION:**Apache HTTP Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by the execution of code in less-privileged child processes or threads from modules' scripts. By manipulating the scoreboard, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158929 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

CVEID:CVE-2019-0220
**DESCRIPTION:**Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158948 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2018-20843
**DESCRIPTION:**libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available CPU resources.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-10092
**DESCRIPTION:**Apache HTTP Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the mod_proxy error page. A remote attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165367 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2019-10098
**DESCRIPTION:**Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165366 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2020-1927
**DESCRIPTION:**Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178936 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID:CVE-2020-1934
**DESCRIPTION:**Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by the use of uninitialized value in mod_proxy_ftp. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178937 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

IBM API Connect

V5.0.0.0-V5.0.8.11

| 5.0.8.12| LI82296 |

Addressed in IBM API Connect V5.0.8.12

Management server is impacted.

Follow this link and find the appropriate package.

http://www.ibm.com/support/fixcentral/swg/quickorder

Workarounds and Mitigations

None