Lucene search

IBMB6E5172B8A2F9D0BD6F1BA19A4A6294FD251792CABB34C192DFCEAB83B06924F

HistoryApr 19, 2023 - 3:11 p.m.

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001)

2023-04-1915:11:52

www.ibm.com

ibm

apache

http server

vulnerability

http response splitting

denial of service

ibm i

cve-2022-37436

cve-2006-20001

fixes

ptf

upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

47.5%

JSON

Summary

IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting attacks due to a use of malicious backend and a denial of service attack due to an out-of-bounds read or write as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to the Apache HTTP Server implementation as described in the Remediation/Fixes section.

Vulnerability Details

CVEID:CVE-2022-37436
**DESCRIPTION:**Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by the use of a malicious backend by mod_proxy. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244885 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2006-20001
**DESCRIPTION:**Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in mod_dav. By sending a specially crafted If: request header, an attacker could exploit this vulnerability to cause the process to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244883 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM i	7.5
IBM i	7.4
IBM i	7.3
IBM i	7.2

Remediation/Fixes

The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.

The IBM i PTF numbers contain the fix for the vulnerabilities.

<https://www.ibm.com/support/fixcentral>

_Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmplanning_analyticsMatch7.4.0

ibmplanning_analyticsMatch7.3.0

ibmiMatch7.5.0

ibmiMatch7.4.0

ibmiMatch7.3.0

ibmiMatch7.2.0

ibmplanning_analyticsMatch7.5.0

ibmplanning_analyticsMatch7.2.0

CPENameOperatorVersion
ibm i 7.4 preventative service planningeq7.4.0
ibm i 7.3 preventative service planningeq7.3.0
ibm ieq7.5.0
ibm ieq7.4.0
ibm ieq7.3.0
ibm ieq7.2.0
ibm i 7.5 preventative service planningeq7.5.0
ibm i 7.2 preventative service planningeq7.2.0

Name	Operator	Version
ibm i 7.4 preventative service planning	eq	7.4.0
ibm i 7.3 preventative service planning	eq	7.3.0
ibm i	eq	7.5.0
ibm i	eq	7.4.0
ibm i	eq	7.3.0
ibm i	eq	7.2.0
ibm i 7.5 preventative service planning	eq	7.5.0
ibm i 7.2 preventative service planning	eq	7.2.0