Security Bulletin: Network Intrusion Prevention System is affected by multiple Apache web server vulnerabilities (CVE-2013-6438, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231)

Summary Security vulnerabilities have been discovered in the Apache web server component bundled with IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2013-6438 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an error in the modda...

Security Bulletin: IBM Tealeaf Customer Experience is affected by a vulnerability in the Apache HTTP server, caused by an error in the mod_log_config module (CVE-2014-0098)

Summary Apache HTTP Server is vulnerable to a denial of service, caused by an error in the modlogconfig module. Vulnerability Details CVE-ID: CVE-2014-0098 DESCRIPTION: IBM Tealeaf Customer Experience’s PCA uses the Apache HTTP server to render its web console. Apache HTTP server is vulnerable to...

CVE-2014-0098

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service segmentation fault and daemon crash via a crafted cookie that is not properly handled during truncation...

CVE-2012-0021

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...