Lucene search

K
ibmIBMBDB3A51564023783F6C0B02BC6BD1A04D4778E784085E0992CECF86F2FAE6D5B
HistoryApr 22, 2024 - 11:02 a.m.

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server in IBM Rational ClearQuest (CVE-2024-24795, CVE-2023-38709)

2024-04-2211:02:48
www.ibm.com
9
ibm http server
ibm rational clearquest
ibm websphere application server
security bulletin
vulnerability
fixes

AI Score

6.2

Confidence

High

EPSS

0

Percentile

13.8%

Summary

IBM HTTP Server is used by IBM WebSphere Application Server (WAS) in IBM Rational ClearQuest server and web components. Information about security vulnerability affecting IBM HTTP Server used by WAS has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Rational ClearQuest 9.1 - 9.1.0.6
IBM Rational ClearQuest 10.0 - 10.0.5

Remediation/Fixes

Refer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is used by IBM Rational ClearQuest.

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
IBM Rational ClearQuest, versions 9.1 to 9.1.0.6, 10.0 to 10.0.5 IBM WebSphere Application Server versions 8.5 and 9.0. Security Bulletin: IBM HTTP Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server (CVE-2024-24795, CVE-2023-38709)
ClearQuest Versions Applying the fix
9.1 to 9.1.0.6, 10.0 to 10.0.5 Apply the appropriate IBM WebSphere Application Server fix (see bulletin link above) directly to your CM server host. No ClearQuest specific steps are necessary.

For 9.0.1.x, 9.0.2.x, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmrational_clearquestMatch8.0.0
OR
ibmrational_clearquestMatch8.0.1
OR
ibmrational_clearquestMatch9.0.0
OR
ibmrational_clearquestMatch9.0.1
OR
ibmrational_clearquestMatch9.0.2
OR
ibmrational_clearquestMatch9.1.0
VendorProductVersionCPE
ibmrational_clearquest8.0.0cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*
ibmrational_clearquest8.0.1cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*
ibmrational_clearquest9.0.0cpe:2.3:a:ibm:rational_clearquest:9.0.0:*:*:*:*:*:*:*
ibmrational_clearquest9.0.1cpe:2.3:a:ibm:rational_clearquest:9.0.1:*:*:*:*:*:*:*
ibmrational_clearquest9.0.2cpe:2.3:a:ibm:rational_clearquest:9.0.2:*:*:*:*:*:*:*
ibmrational_clearquest9.1.0cpe:2.3:a:ibm:rational_clearquest:9.1.0:*:*:*:*:*:*:*