IBM Tealeaf Customer Experience may be affected by a vulnerability in the Apache HTTP server, caused by an error in the mod_status module.
CVEID: CVE-2014-0226
DESCRIPTION:
The IBM Tealeaf Customer Experience PCA uses the Apache HTTP server to render its web console. Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by an error in the mod_status module when handling the scoreboard. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94678 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
IBM Tealeaf Customer Experience: v8.0-v9.0.0
Customers can update the mod_status of the Apache server with the Apache-provided fixes by following these steps:
1. Open the httpd.conf file for the PCA, located in: <PCA base install directory>/etc/httpd.conf
2. Remove the line that loads the mod_status module: LoadModule status_module libexec/mod_status.so
3. Restart the Apache server: tealeaf restart httpd
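A check for the httpd.conf change in the steps above, as an added example that is not part of the IBM bulletin or the product. It assumes a POSIX shell with grep and sed; the function names and the sample config files are constructed for illustration, and the extra scan for `SetHandler server-status` and `ExtendedStatus` lines goes slightly beyond the bulletin's single `LoadModule` line.

```shell
#!/bin/sh
# Added example: verify that an Apache config no longer loads mod_status.

# Print active (uncommented) LoadModule lines for status_module, with line
# numbers. Directive names are case-insensitive and may be indented.
active_status_loads() {
    grep -niE '^[[:space:]]*LoadModule[[:space:]]+status_module([[:space:]]|$)' "$1"
}

# Print active directives that relate to mod_status's server-status page.
leftover_status_directives() {
    grep -niE '^[[:space:]]*(SetHandler[[:space:]]+"?server-status|ExtendedStatus[[:space:]])' "$1"
}

# Return 0 when the file does not load mod_status, 1 when it still does.
check_conf() {
    if active_status_loads "$1" >/dev/null; then
        echo "FAIL: $1 still loads mod_status:"
        active_status_loads "$1" | sed 's/^/  line /'
        return 1
    fi
    echo "OK: $1 does not load mod_status"
    if leftover_status_directives "$1" >/dev/null; then
        echo "NOTE: status directives remain and can be reviewed:"
        leftover_status_directives "$1" | sed 's/^/  line /'
    fi
    return 0
}

if [ $# -gt 0 ]; then
    # Real use: pass <PCA base install directory>/etc/httpd.conf
    check_conf "$1"
else
    # Demo on constructed sample files (not the PCA's shipped httpd.conf).
    demo=$(mktemp -d)
    cat > "$demo/before.conf" <<'EOF'
LoadModule mime_module libexec/mod_mime.so
LoadModule status_module libexec/mod_status.so
EOF
    cat > "$demo/after.conf" <<'EOF'
LoadModule mime_module libexec/mod_mime.so
#LoadModule status_module libexec/mod_status.so
<Location /server-status>
    SetHandler server-status
</Location>
EOF
    check_conf "$demo/before.conf" || true
    check_conf "$demo/after.conf"
    rm -rf "$demo"
fi
```

Run it against the PCA's httpd.conf before restarting httpd; a non-zero exit status means an active `LoadModule status_module` line is still present.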
Product | VRMF | Remediation/First Fix
---|---|---
IBM Tealeaf Customer Experience | 9.0.0, 9.0.0A | You can contact the Technical Support team for guidance.
IBM Tealeaf Customer Experience | 8.8 |
IBM Tealeaf Customer Experience | 8.7 |
IBM Tealeaf Customer Experience | 8.6 and earlier | You can contact the Technical Support team for guidance.
For v9.0.0, 9.0.0A, and versions before v8.7, IBM recommends upgrading to a later supported version of the product.
The remediation for the Apache HTTP Server mod_status buffer overflow vulnerability in the PCA web console's Apache server is to remove the loading of the mod_status module from the Apache server, as it isn't needed by the PCA.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | tealeaf customer experience | eq | any |