CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |

EPSS

Percentile: 72.3%

Stack buffer overflow may affect IBM HTTP Server. The IBM HTTP Server is used by IBM WebSphere Application Server.
CVEID: CVE-2015-4947
DESCRIPTION: IBM HTTP Server Administration Server could be vulnerable to a stack buffer overflow, caused by improper handling of user input. An authenticated remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104912 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
This vulnerability affects the following versions and releases of IBM HTTP Server (powered by Apache) component in all editions of WebSphere Application Server and bundling products.
The recommended solution is to apply the interim fix, Fix Pack or PTF containing APAR PI44793 for each named product as soon as practical.
**For affected IBM HTTP Server for WebSphere Application Server:**
**For V8.5.0.0 through 8.5.5.6 Full Profile:**
· Upgrade to a minimum of Fix Pack 8.5.5.4 or later then apply Interim Fix PI44793
--OR--
· Apply Fix Pack 8.5.5.7 or later.
**For V8.0 through 8.0.0.11:**
· Upgrade to a minimum of Fix Pack 8.0.0.9 or later and then apply Interim Fix PI44793
--OR--
· Apply Fix Pack 8.0.0.12 or later.
**For V7.0.0.0 through 7.0.0.37:**
· Upgrade to a minimum of Fix Pack 7.0.0.33 or later and then apply Interim Fix PI44793
--OR--
· Apply Fix Pack 7.0.0.39 or later.
**For V6.1.0.0 through 6.1.0.47:**
· Upgrade to Fix Pack 6.1.0.47 and then apply cumulative Interim Fix PI45596, which includes the fix for PI44793
For unsupported versions IBM recommends upgrading to a fixed, supported version of the product.
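
The fix matrix above can be applied to an inventory of installed levels. The following is an added example, not IBM's code: it transcribes the version ranges and fix identifiers from this advisory and returns the remediation step for a given IBM HTTP Server version. The function names, status labels, host names and the `applied_ifixes` input are assumptions made for illustration.

```python
# Added example: remediation matrix transcribed from the advisory above.
# Columns: first affected, last affected, minimum level the interim fix needs,
# interim fix id, first fix pack that already contains the fix (None = none listed).
MATRIX = [
    ("8.5.0.0", "8.5.5.6", "8.5.5.4", "PI44793", "8.5.5.7"),
    ("8.0", "8.0.0.11", "8.0.0.9", "PI44793", "8.0.0.12"),
    ("7.0.0.0", "7.0.0.37", "7.0.0.33", "PI44793", "7.0.0.39"),
    ("6.1.0.0", "6.1.0.47", "6.1.0.47", "PI45596", None),
]


def parse(version):
    """'8.5.5.4' -> (8, 5, 5, 4); short forms such as '8.0' are zero-padded."""
    parts = [int(p) for p in version.strip().split(".")]
    if len(parts) > 4 or any(p < 0 for p in parts):
        raise ValueError(f"not a dotted version: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def triage(version, applied_ifixes=()):
    """Return (status, action) for one IBM HTTP Server install.

    applied_ifixes is an assumption: the interim fix ids your inventory
    reports as installed, since a version string alone cannot show them.
    """
    v = parse(version)
    for first, last, ifix_min, ifix, fixed_fp in MATRIX:
        if v[:2] != parse(first)[:2]:
            continue  # different release stream
        if fixed_fp and v >= parse(fixed_fp):
            return "fixed", f"Fix Pack {fixed_fp} or later is installed"
        if not parse(first) <= v <= parse(last):
            return "unlisted", "level falls between the advisory's ranges"
        alt = f", or apply Fix Pack {fixed_fp} or later" if fixed_fp else ""
        if v >= parse(ifix_min):
            if ifix in applied_ifixes:
                return "fixed", f"Interim Fix {ifix} is installed"
            return "apply-ifix", f"apply Interim Fix {ifix}{alt}"
        return "upgrade", f"upgrade to Fix Pack {ifix_min}, then apply Interim Fix {ifix}{alt}"
    return "unlisted", "release stream not covered by the advisory"


if __name__ == "__main__":
    # Constructed inventory rows: (host, version, interim fixes installed)
    for host, ver, fixes in [("web01", "8.5.5.2", []), ("web02", "8.0.0.10", ["PI44793"]),
                             ("web03", "7.0.0.38", []), ("web04", "6.1.0.47", [])]:
        print(host, ver, *triage(ver, fixes))
```

A level such as 7.0.0.38 sits between the last affected level and the first fixed Fix Pack named in the advisory, so it is reported as `unlisted` rather than guessed at.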
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | http_server | 8.5.5 | cpe:2.3:a:ibm:http_server:8.5.5:*:*:*:*:*:*:* |
ibm | http_server | 8.5 | cpe:2.3:a:ibm:http_server:8.5:*:*:*:*:*:*:* |
ibm | http_server | 8.0 | cpe:2.3:a:ibm:http_server:8.0:*:*:*:*:*:*:* |
ibm | http_server | 7.0 | cpe:2.3:a:ibm:http_server:7.0:*:*:*:*:*:*:* |
ibm | http_server | 6.1 | cpe:2.3:a:ibm:http_server:6.1:*:*:*:*:*:*:* |