IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server.
CVEID: CVE-2018-17199
DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by checking the session expiry time before decoding the session by mod_session. An attacker could exploit this vulnerability to ignore session expiry time and gain access to the application.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156006> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
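The ordering flaw described for CVE-2018-17199, shown as an added example that is not IBM's or Apache's code: a simplified C model in which the expiry value is only known once the session has been decoded. The `session_t` struct, the `expiry=...&user=...` encoding and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not Apache code: a session arrives as the string
   "expiry=<unix time>&user=<name>"; expiry is unknown until it is decoded. */
typedef struct {
    long expiry;          /* 0 means "no expiry known" */
    char user[32];
    const char *encoded;  /* raw value as received from the client */
} session_t;

/* Populate the fields from the encoded form. Returns 0 on success. */
static int session_decode(session_t *s) {
    return sscanf(s->encoded, "expiry=%ld&user=%31s", &s->expiry, s->user) == 2 ? 0 : -1;
}

static int session_expired(const session_t *s, long now) {
    return s->expiry != 0 && s->expiry < now;
}

/* Flawed order: expiry is tested while it is still 0, so the test never fires. */
int load_check_then_decode(const char *raw, long now, session_t *out) {
    memset(out, 0, sizeof *out);
    out->encoded = raw;
    if (session_expired(out, now)) return -1;   /* always false at this point */
    return session_decode(out);
}

/* Corrected order: decode first, then enforce expiry on the decoded value. */
int load_decode_then_check(const char *raw, long now, session_t *out) {
    memset(out, 0, sizeof *out);
    out->encoded = raw;
    if (session_decode(out) != 0) return -1;    /* reject undecodable input */
    if (session_expired(out, now)) return -1;   /* reject stale sessions */
    return 0;
}

int main(void) {
    session_t s;
    const char *stale = "expiry=1000&user=alice";  /* constructed sample */
    printf("check-then-decode accepts stale session: %s\n",
           load_check_then_decode(stale, 2000, &s) == 0 ? "yes" : "no");
    printf("decode-then-check accepts stale session: %s\n",
           load_decode_then_check(stale, 2000, &s) == 0 ? "yes" : "no");
    return 0;
}
```

The same review question applies to any session loader: every field used in an access decision must come from the decoded, validated session, not from its zero-initialised placeholder.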
CVEID: CVE-2019-0220
DESCRIPTION: Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158948> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected IBM Security SiteProtector System | Affected Versions |
---|---|
IBM Security SiteProtector System | 3.1.1 |
IBM Security SiteProtector System | 3.0.0 |
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM Security SiteProtector System | 3.1.1 | Apply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view: UpdateServer_3_1_1_13.pkg |
IBM Security SiteProtector System | 3.0.0 | Apply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view: UpdateServer_3_1_1_13.pkg |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security siteprotector system | eq | any |