Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2024-27316]

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to no limit of continuation fames in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in t...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2023-52425]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2023-52425 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2023-44487]

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to mishandling of multiplexed streams in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described ...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server in IBM Rational ClearQuest (CVE-2024-24795, CVE-2023-38709)

Summary IBM HTTP Server is used by IBM WebSphere Application Server WAS in IBM Rational ClearQuest server and web components. Information about security vulnerability affecting IBM HTTP Server used by WAS has been published in a security bulletin. Vulnerability Details Refer to the security...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-38709, CVE-2024-24795)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-52425)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

IBM HTTP Server 8.5.0.0 < 8.5.5.26 / 9.0.0.0 < 9.0.5.18 DoS (7129933)

The version of IBM HTTP Server running on the remote host is affected by a denaial of service vulnerability. - libexpat is vulnerable to a denial of service, caused by improper system resource allocation. By sending a specially crafted request using an overly large token, a remote attacker could...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-31122]

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2023-31122 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...

IBM HTTP Server 8.5.0.0 < 8.5.5.24 / 9.0.0.0 < 9.0.5.16 Request Splitting Attacks (6963650)

The version of IBM HTTP Server running on the remote host is affected by an request splitting attack vulnerability due to an error when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch. A remote attacker could exploit this vulnerability to bypass access controls in the...

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to an attacker uploading arbitrary files and obtaining sensitive information (CVE-2023-45802, CVE-2023-31122)

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to an attacker uploading arbitrary files due to improper validation CVE-2023-45802 and obtaining sensitive information due to an out of bounds read flaw CVE-2023-31122 as described in the vulnerability details section. This...

Security Bulletin: Vulnerability in Apache HTTP Server affects IBM HTTP Server used by IBM Rational ClearQuest

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-31122)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: IBM HTTP Server is vulnerable to information disclosure due to the included Apache HTTP Server (CVE-2023-31122)

Summary IBM HTTP Server is vulnerable to information disclosure when using the modmacro module due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2023-31122 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an out-of-boun...

IBM HTTP Server 8.5.5.22 < 8.5.5.24 DoS (6958522)

The version of IBM HTTP Server running on the remote host is affected by a denial of service DoS vulnerability, which could allow an unauthenticated, remote attacker to cause a denial of service using a specially crafted URL. Note that Nessus has not tested for this issue but has instead relied...

IBM HTTP Server 8.5.0.0 < 8.5.5.24 / 9.0.0.0 < 9.0.5.16 Information Disclosure (6998037)

The version of IBM HTTP Server running on the remote host is affected by an information disclosure vulnerability due to IBM GSKit which is used for SSL connections. An unauthenticated, remote attacker could exploit a timing-based side channel in the RSA Decryption implementation, by sending an...

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application and IBM HTTP Server included as part of IBM Tivoli Monitoring ITM portal server: CVE-2023-25690, CVE-2023-24966, CVE-2023-24998, CVE-2023-27554, CVE-2022-39161, CVE-2023-32342 and CVE-2023-35890. The remediati...

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP request splitting attacks due to an error using modproxy as described in the vulnerability details section. IBM i has addressed the vulnerability by providing a fix to the Apache HTTP Server implementation as described in t...

IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.23 / 9.0.0.0 < 9.0.5.14 Code Execution

The version of IBM HTTP Server running on the remote host is affected by an arbitrary code execution vulnerability in the Expat library. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-32342]

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2023-32342 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...