IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs.
CVEID:CVE-2018-20843
**DESCRIPTION:**libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available CPU resources.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2019-10098
**DESCRIPTION:**Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165366 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2019-10092
**DESCRIPTION:**Apache HTTP Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the mod_proxy error page. A remote attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165367 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Netezza Performance Portal | All |
Product | VRMF | Remediation / First Fix |
---|---|---|
IBM Netezza Performance Portal | 2.1.1.11 | Link_to_Fix_Central |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm netezza performance portal | eq | any |