Redhat provided HTTPD is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE.
CVEID:CVE-2017-15715
**DESCRIPTION:**Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the < FilesMatch > expression matching β$β to a newline character in a malicious filename instead of the end of the filename. By matching the trailing portion of the filename, an attacker could exploit to bypass security controls that use the < FilesMatch > directive.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140857 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Integrated Analytics System | 1.0.0-1.0.23.0 |
Update to the following IBM Integrated Analytics System release :
Product | VRMF | Remediation / First Fix |
---|---|---|
IBM Integrated Analytics System | 1.0.24.0 | Link to Fix Central |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm integrated analytics system | eq | any |