IBM Support

PCI Compliance

News



The Payment Card Industry Data Security Standard (PCI DSS) is a set of specific security standards designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment during and after a financial transaction.

Adhering to the specific security standards documented in the PCI DSS makes something PCI compliant.

The IBM HTTP Server for i is a PCI compliant Web server. Known Apache security vulnerabilities are patched via PTFs on IBM i.

IBM i 7.4: Apache security vulnerabilities

IBM i 7.3: Apache security vulnerabilities

IBM i 7.2: Apache security vulnerabilities

IBM i 7.1: Apache security vulnerabilities

Notice: On Dec 31, 2017, the Apache 2.2 server that is delivered with IBM i HTTP Server (5770DG1) on i 7.1 will be going out of support. No CVE fix will be delivered after that. To ensure you remain on a fully supported and compliant web server, you need to consider moving to IBM i 7.2 or higher.

IBM i 7.4: Apache security vulnerabilities:

Common vulnerabilities and exposures Description Severity Status on IBM i PTF(s)

CVE-2020-11993 Push Diary Crash on Specifically Crafted HTTP/2 Header moderate Fixed SI74088
CVE-2020-9490 Push Diary Crash on Specifically Crafted HTTP/2 Header important Fixed SI74088
CVE-2020-11985 IP address spoofing when proxying using mod_remoteip and mod_rewrite low Not Applicable Not Applicable
CVE-2020-11984 mod_proxy_uwsgi buffer overflow moderate Not Applicable Not Applicable
CVE-2019-10280 Apache server is vulnerable to a DoS low Not Applicable Not Applicable
CVE-2020-1927 mod_rewrite CWE-601 open redirect low Fixed SI73415
CVE-2020-1934 mod_proxy_ftp use of uninitialized value low Fixed SI73415
CVE-2019-10092 Limited cross-site scripting in mod_proxy error page low Fixed SI71097
CVE-2019-10098 mod_rewrite potential open redirect low Fixed SI71097
CVE-2019-10082 mod_http2, read-after-free in h2 connection shutdown moderate Fixed SI70962
CVE-2019-10081 mod_http2, memory corruption on early pushes moderate Fixed SI70962
CVE-2019-9517 mod_http2, DoS attack by exhausting h2 workers. moderate Fixed SI70961
CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference moderate Not Applicable Not Applicable
CVE-2019-0220 Apache httpd URL normalization inconsistency low Fixed SI69187
CVE-2019-0916 mod_http2, read-after-free on a string compare low Fixed SI69189
CVE-2019-0917 mod_http2, possible crash on late upgrade low Fixed SI69189
CVE-2019-0215 mod_ssl access control bypass important Not Applicable Not Applicable
CVE-2019-0217 mod_auth_digest access control bypass important Not Applicable Not Applicable
CVE-2019-0211 Apache HTTP Server privilege escalation from modules' scripts important Not Applicable Not Applicable
CVE-2019-0190 mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1 important Not Applicable Not Applicable
CVE-2018-17189 DoS for HTTP/2 connections via slow request bodies low Not Applicable Not Applicable
CVE-2018-17199 mod_session_cookie does not respect expiry time low Not Applicable Not Applicable

IBM i 7.3: Apache security vulnerabilities:

Common vulnerabilities and exposures Description Severity Status on IBM i PTF(s)

CVE-2020-11993 Push Diary Crash on Specifically Crafted HTTP/2 Header moderate Fixed SI74087
CVE-2020-9490 Push Diary Crash on Specifically Crafted HTTP/2 Header important Fixed SI74087
CVE-2020-11985 IP address spoofing when proxying using mod_remoteip and mod_rewrite low Fixed SI74074
CVE-2020-11984 mod_proxy_uwsgi buffer overflow moderate Not Applicable Not Applicable
CVE-2019-10280 Apache server is vulnerable to a DoS low Not Applicable Not Applicable
CVE-2020-1927 mod_rewrite CWE-601 open redirect low Fixed SI72840
CVE-2020-1934 mod_proxy_ftp use of uninitialized value low Fixed SI72840
CVE-2019-10092 Limited cross-site scripting in mod_proxy error page low Fixed SI71052
CVE-2019-10098 mod_rewrite potential open redirect low Fixed SI71052
CVE-2019-10082 mod_http2, read-after-free in h2 connection shutdown moderate Fixed SI70964
CVE-2019-10081 mod_http2, memory corruption on early pushes moderate Fixed SI70964
CVE-2019-9517 mod_http2, DoS attack by exhausting h2 workers. moderate Fixed SI70970
CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference moderate Not Applicable Not Applicable
CVE-2019-0220 Apache httpd URL normalization inconsistency low Fixed SI69900
CVE-2019-0916 mod_http2, read-after-free on a string compare low Fixed SI69828
CVE-2019-0917 mod_http2, possible crash on late upgrade low Fixed SI69828
CVE-2019-0215 mod_ssl access control bypass important Not Applicable Not Applicable
CVE-2019-0217 mod_auth_digest access control bypass important Not Applicable Not Applicable
CVE-2019-0211 Apache HTTP Server privilege escalation from modules' scripts important Not Applicable Not Applicable
CVE-2019-0190 mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1 important Not Applicable Not Applicable
CVE-2018-17189 DoS for HTTP/2 connections via slow request bodies low Fixed SI68962
CVE-2018-17199 mod_session_cookie does not respect expiry time low Not Applicable Not Applicable
CVE-2018-11763 DoS for HTTP/2 connections by continuous SETTINGS low Fixed SI68430
CVE-2018-1333 DoS for HTTP/2 connections by crafted requests low Fixed SI68124
CVE-2018-8011 mod_md, DoS via Coredumps on specially crafted requests moderate Not Applicable Not Applicable
CVE-2018-1301 Possible out of bound access after failure in reading the HTTP request low Fixed SI67362
CVE-2017-15715 <FilesMatch> bypass with a trailing newline in the file name low Fixed SI67362
CVE-2018-1283 Tampering of mod_session data for CGI applications moderate Not Applicable Not Applicable
CVE-2017-15710 Out of bound write in mod_authnz_ldap when using too small Accept-Language values low Not Applicable Not Applicable
CVE-2018-1312 Weak Digest auth nonce generation in mod_auth_digest low Not Applicable Not Applicable
CVE-2018-1302 Possible write of after free on HTTP/2 stream shutdown low Not Applicable Not Applicable
CVE-2018-1303 Possible out of bound read in mod_cache_socache low Not Applicable Not Applicable
CVE-2017-12618 Out-of-bounds access in corrupted SDBM database moderate Fixed SI66488
CVE-2017-12613 Out-of-bounds array dereference in apr_time_exp*() functions important Fixed SI66479
CVE-2017-9798 Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed") low Fixed SI65906
CVE-2017-9789 Read after free in mod_http2 important Not Applicable Not Applicable
CVE-2017-9788 Uninitialized memory reflection in mod_auth_digest important Not Applicable Not Applicable
CVE-2017-7659 mod_http2 Null Pointer Dereference important Not Applicable Not Applicable
CVE-2017-3169 mod_ssl Null Pointer Dereference important Not Applicable Not Applicable
CVE-2017-7679 mod_mime Buffer Overread important Fixed SI65194
CVE-2017-7668 ap_find_token() Buffer Overread important Fixed SI65194
CVE-2017-3167 ap_get_basic_auth_pw() Authentication Bypass important Fixed SI65194, SI65201
CVE-2016-8743 Apache HTTP Request Parsing Whitespace Defects important Fixed SI63997
CVE-2016-8740 HTTP/2 CONTINUATION denial of service moderate Not Applicable Not Applicable
CVE-2016-2161 DoS vulnerability in mod_auth_digest low Not Applicable Not Applicable
CVE-2016-0736 Padding Oracle in Apache mod_session_crypto low Not Applicable Not Applicable
CVE-2016-4975 mod_userdir CRLF injection moderate Fixed SI63997
CVE-2016-0718 Expat XML Parser Crashes on Malformed Input moderate Fixed SF99722 level 5
CVE-2016-5387 HTTP_PROXY environment variable "httpoxy" mitigation low Fixed SF99722 level 5
CVE-2016-4979 TLS/SSL X.509 client certificate auth bypass with HTTP/2 important Not Applicable Not Applicable
CVE-2016-1546 mod_http2: denial of service by thread starvation low Not Applicable Not Applicable

IBM i 7.2: Apache security vulnerabilities:

Common vulnerabilities and exposures Description Severity Status on IBM i PTF(s)

CVE-2020-11993 Push Diary Crash on Specifically Crafted HTTP/2 Header moderate Not Applicable Not Applicable
CVE-2020-9490 Push Diary Crash on Specifically Crafted HTTP/2 Header important Not Applicable Not Applicable
CVE-2020-11985 IP address spoofing when proxying using mod_remoteip and mod_rewrite low Fixed SI74073
CVE-2020-11984 mod_proxy_uwsgi buffer overflow moderate Not Applicable Not Applicable
CVE-2019-10280 Apache server is vulnerable to a DoS low Not Applicable Not Applicable
CVE-2020-1927 mod_rewrite CWE-601 open redirect low Fixed SI72748
CVE-2020-1934 mod_proxy_ftp use of uninitialized value low Fixed SI72748
CVE-2019-10092 Limited cross-site scripting in mod_proxy error page low Fixed SI71028
CVE-2019-10098 mod_rewrite potential open redirect low Fixed SI71028
CVE-2019-10082 mod_http2, read-after-free in h2 connection shutdown moderate Not Applicable Not Applicable
CVE-2019-10081 mod_http2, memory corruption on early pushes moderate Not Applicable Not Applicable
CVE-2019-9517 mod_http2, DoS attack by exhausting h2 workers. moderate Not Applicable Not Applicable
CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference moderate Not Applicable Not Applicable
CVE-2019-0220 Apache httpd URL normalization inconsistency low Fixed SI69901
CVE-2019-0916 mod_http2, read-after-free on a string compare low Not Applicable Not Applicable
CVE-2019-0917 mod_http2, possible crash on late upgrade low Not Applicable Not Applicable
CVE-2019-0215 mod_ssl access control bypass important Not Applicable Not Applicable
CVE-2019-0217 mod_auth_digest access control bypass important Not Applicable Not Applicable
CVE-2019-0211 Apache HTTP Server privilege escalation from modules' scripts important Not Applicable Not Applicable
CVE-2019-0190 mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1 important Not Applicable Not Applicable
CVE-2018-17189 DoS for HTTP/2 connections via slow request bodies low Not Applicable Not Applicable
CVE-2018-17199 mod_session_cookie does not respect expiry time low Not Applicable Not Applicable
CVE-2018-11763 DoS for HTTP/2 connections by continuous SETTINGS low Not Applicable Not Applicable
CVE-2018-1333 DoS for HTTP/2 connections by crafted requests low Not Applicable Not Applicable
CVE-2018-8011 mod_md, DoS via Coredumps on specially crafted requests moderate Not Applicable Not Applicable
CVE-2018-1301 Possible out of bound access after failure in reading the HTTP request low Fixed SI67357
CVE-2017-15715 <FilesMatch> bypass with a trailing newline in the file name low Fixed SI67357
CVE-2018-1283 Tampering of mod_session data for CGI applications moderate Not Applicable Not Applicable
CVE-2017-15710 Out of bound write in mod_authnz_ldap when using too small Accept-Language values low Not Applicable Not Applicable
CVE-2018-1312 Weak Digest auth nonce generation in mod_auth_digest low Not Applicable Not Applicable
CVE-2018-1302 Possible write of after free on HTTP/2 stream shutdown low Not Applicable Not Applicable
CVE-2018-1303 Possible out of bound read in mod_cache_socache low Not Applicable Not Applicable
CVE-2017-12618 Out-of-bounds access in corrupted SDBM database moderate Fixed SI66490
CVE-2017-12613 Out-of-bounds array dereference in apr_time_exp*() functions important Fixed SI66345
CVE-2017-9798 Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed") low Fixed SI65915
CVE-2017-9789 Read after free in mod_http2 important Not Applicable Not Applicable
CVE-2017-9788 Uninitialized memory reflection in mod_auth_digest important Not Applicable Not Applicable
CVE-2017-7659 mod_http2 Null Pointer Dereference important Not Applicable Not Applicable
CVE-2017-3169 mod_ssl Null Pointer Dereference important Not Applicable Not Applicable
CVE-2017-7679 mod_mime Buffer Overread important Fixed SI65279
CVE-2017-7668 ap_find_token() Buffer Overread important Fixed SI65279
CVE-2017-3167 ap_get_basic_auth_pw() Authentication Bypass important Fixed SI65279, SI65280
CVE-2016-8743 Apache HTTP Request Parsing Whitespace Defects important Fixed SI64140
CVE-2016-8740 HTTP/2 CONTINUATION denial of service moderate Not Applicable Not Applicable
CVE-2016-2161 DoS vulnerability in mod_auth_digest low Not Applicable Not Applicable
CVE-2016-0736 Padding Oracle in Apache mod_session_crypto low Not Applicable Not Applicable
CVE-2016-4975 mod_userdir CRLF injection moderate Fixed SI64140
CVE-2016-0718 Expat XML Parser Crashes on Malformed Input moderate Fixed SI61648
CVE-2016-5387 HTTP_PROXY environment variable "httpoxy" mitigation low Fixed SI62159
CVE-2016-4979 TLS/SSL X.509 client certificate auth bypass with HTTP/2 important Not Applicable Not Applicable
CVE-2016-1546 mod_http2: denial of service by thread starvation low Not Applicable Not Applicable
CVE-2015-1283 XML_GetBuffer expat buffer overflow low Fixed SI57960
CVE-2015-0228 mod_lua: Crash in websockets PING handling low Not Applicable Not Applicable
CVE-2015-0253 Crash in ErrorDocument 400 handling low Fixed SI58157
CVE-2015-3183 HTTP request smuggling attack against chunked request parser low Fixed SI57806
CVE-2015-3185 ap_some_auth_required API unusable low Fixed SI57806
CVE-2013-5704 HTTP Trailers processing bypass low Fixed SI55722
CVE-2014-8109 mod_lua multiple "Require" directive handling is broken low Not Applicable Not Applicable
CVE-2014-8730 Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack moderate Not Applicable Not Applicable
CVE-2014-3583 mod_proxy_fcgi out-of-bounds memory read low Not Applicable Not Applicable
CVE-2014-3581 mod_cache crash with empty Content-Type header low Fixed SI55552
CVE-2007-6750 "Slowloris" denial of service attack due to the lack of the mod_reqtimeout module moderate Not Applicable Not Applicable
CVE-2014-0118 mod_deflate denial of service moderate Fixed SI54023
CVE-2014-3523 WinNT MPM denial of service important Not Applicable Not Applicable
CVE-2014-0226 mod_status buffer overflow moderate Not Applicable Not Applicable
CVE-2014-0231 mod_cgid denial of service important Not Applicable Not Applicable
CVE-2014-0117 mod_proxy denial of service moderate Not Applicable Not Applicable
CVE-2014-0098 mod_log_config crash low Fixed SI52811
CVE-2013-6438 mod_dav crash moderate Fixed SI52821
CVE-2013-1896 mod_dav crash moderate Fixed SI52821
CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output low Fixed SI51122
CVE-2012-4558 A XSS flaw affected the mod_proxy_balancer manager interface. moderate Fixed SI51122
CVE-2012-2687 XSS in mod_negotiation when untrusted uploads are supported low Fixed SI51122
CVE-2012-0883 insecure LD_LIBRARY_PATH handling low Not Applicable Not Applicable

IBM i 7.1: Apache security vulnerabilities:

Common vulnerabilities and exposures Description Severity Status on IBM i PTF(s)

CVE-2017-12618 Out-of-bounds access in corrupted SDBM database moderate Fixed SI66487
CVE-2017-12613 Out-of-bounds array dereference in apr_time_exp*() functions important Fixed SI66472
CVE-2017-9798 Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed") low Fixed SI65939
CVE-2017-9789 Read after free in mod_http2 important Not Applicable Not Applicable
CVE-2017-9788 Uninitialized memory reflection in mod_auth_digest important Not Applicable Not Applicable
CVE-2017-7659 mod_http2 Null Pointer Dereference important Not Applicable Not Applicable
CVE-2017-3169 mod_ssl Null Pointer Dereference important Not Applicable Not Applicable
CVE-2017-7679 mod_mime Buffer Overread important Fixed SI65281
CVE-2017-7668 ap_find_token() Buffer Overread important Fixed SI65281
CVE-2017-3167 ap_get_basic_auth_pw() Authentication Bypass important Fixed SI65281, SI65282
CVE-2016-8743 Apache HTTP Request Parsing Whitespace Defects important Fixed SI63670
CVE-2016-8740 HTTP/2 CONTINUATION denial of service moderate Not Applicable Not Applicable
CVE-2016-2161 DoS vulnerability in mod_auth_digest low Not Applicable Not Applicable
CVE-2016-0736 Padding Oracle in Apache mod_session_crypto low Not Applicable Not Applicable
CVE-2016-4975 mod_userdir CRLF injection moderate Fixed SI63670
CVE-2016-0718 Expat XML Parser Crashes on Malformed Input moderate Fixed SI61649
CVE-2016-5387 HTTP_PROXY environment variable "httpoxy" mitigation low Fixed SI61471
CVE-2016-4979 TLS/SSL X.509 client certificate auth bypass with HTTP/2 important Not Applicable Not Applicable
CVE-2016-1546 mod_http2: denial of service by thread starvation low Not Applicable Not Applicable
CVE-2015-1283 XML_GetBuffer expat buffer overflow low Fixed SI57962
CVE-2015-0228 mod_lua: Crash in websockets PING handling low Not Applicable Not Applicable
CVE-2015-0253 Crash in ErrorDocument 400 handling low Not Applicable Not Applicable
CVE-2015-3183 HTTP request smuggling attack against chunked request parser low Fixed SI57763
CVE-2015-3185 ap_some_auth_required API unusable low Not Applicable Not Applicable
CVE-2013-5704 HTTP Trailers processing bypass low Fixed SI55746
CVE-2014-8730 Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack moderate Not Applicable Not Applicable
CVE-2014-0231 mod_cgid denial of service important Not Applicable Not Applicable
CVE-2007-6750 "Slowloris" denial of service attack due to the lack of the mod_reqtimeout module moderate Fixed SI53684, SI53701
CVE-2014-0118 mod_deflate denial of service moderate Fixed SI54022
CVE-2014-3523 WinNT MPM denial of service important Not Applicable Not Applicable
CVE-2014-0226 mod_status buffer overflow moderate Not Applicable Not Applicable
CVE-2014-0231 mod_cgid denial of service important Not Applicable Not Applicable
CVE-2014-0117 mod_proxy denial of service moderate Not Applicable Not Applicable
CVE-2014-0098 mod_log_config crash low Fixed SI52916
CVE-2013-6438 mod_dav crash moderate Fixed SI52602
CVE-2013-1896 mod_dav crash moderate Fixed SI50824
CVE-2013-1862 mod_rewrite log escape filtering low Fixed SI50403
CVE-2012-4558 A XSS flaw affected the mod_proxy_balancer manager interface. moderate Fixed SI49746
CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output low Fixed SI49746
CVE-2012-4557 mod_proxy_ajp remote DoS low Not Applicable Not Applicable
CVE-2012-0883 insecure LD_LIBRARY_PATH handling low Not Applicable Not Applicable
CVE-2012-2687 XSS in mod_negotiation when untrusted uploads are supported low Fixed SI47606
CVE-2012-0053 error responses can expose cookies moderate Fixed SI45900
CVE-2012-0031 scoreboard parent DoS low Fixed SI45900
CVE-2012-0021 mod_log_config crash low Fixed SI52916
CVE-2011-4317 mod_proxy reverse proxy exposure moderate Fixed SI45438
CVE-2011-3639 mod_proxy reverse proxy exposure moderate Fixed SI45438
CVE-2011-3607 Integer overflow in ap_pregsub() leads to buffer overflow moderate Fixed SI45438
CVE-2011-3368 mod_proxy reverse proxy exposure moderate Fixed SI44812
CVE-2011-3348 mod_proxy_ajp DoS (*Note: mod_proxy_ajp is not supported on i) moderate Not Applicable Not Applicable
CVE-2011-3192 byterange filter (DoS) low Fixed SI44630
CVE-2011-1928 apr_fnmatch high cpu utilization low Fixed SI43722
CVE-2011-0419 apr_fnmatch DoS (mod_autoindex) low Fixed SI43722
CVE-2010-1623 apr_brigade_split_line DoS low Fixed SI41367
CVE-2009-3560 expat DoS low Not Applicable Not Applicable
CVE-2009-3720 expat DoS low Not Applicable Not Applicable
CVE-2010-2068 Timeout detection flaw (mod_proxy_http) important Fixed SI40534
CVE-2010-1452 mod_cache and mod_dav DoS low Fixed SI40534
CVE-2010-0425 mod_isapi module unload flaw (*Note: This only affects Windows servers) important Not Applicable Not Applicable
CVE-2010-0434 Subrequest handling of request headers (mod_headers) low Fixed SI38640
CVE-2010-0408 mod_proxy_ajp DoS (*Note: mod_proxy_ajp is not supported on i) moderate Not Applicable Not Applicable
CVE-2009-3555 TLS/SSL handshake renegotiation low Fixed MF48823
CVE-2009-3094 mod_proxy_ftp DoS low Fixed SI36656
CVE-2009-3095 mod_proxy_ftp FTP command injection low Fixed SI36656
CVE-2009-2699 Solaris pollset DoS (*Note: This only affects Solaris servers) moderate Not Applicable Not Applicable
CVE-2009-2412 APR apr_palloc heap overflow low Fixed SI36656
CVE-2009-1890 mod_proxy reverse proxy DoS important Fixed Fixed
CVE-2009-1191 mod_proxy_ajp information disclosure (*Note: mod_proxy_ajp is not supported on i) important Not Applicable Not Applicable
CVE-2009-1891 mod_deflate DoS low Fixed Fixed
CVE-2009-1195 AllowOverride Options handling bypass low Fixed Fixed
CVE-2009-1956 APR-util off-by-one overflow moderate Fixed Fixed
CVE-2009-1955 APR-util XML DoS moderate Fixed Fixed
CVE-2009-0023 APR-util heap underwrite moderate Fixed Fixed
CVE-2007-1863 mod_cache proxy DoS moderate Fixed Fixed
CVE-2007-1862 mod_cache information leak moderate Fixed Fixed
CVE-2007-3304 Signals to arbitrary processes moderate Fixed Fixed
CVE-2006-5752 mod_status cross-site scripting moderate Fixed Fixed
CVE-2007-3847 mod_proxy crash moderate Fixed Fixed
CVE-2007-5000 mod_imagemap XSS moderate Fixed Fixed
CVE-2007-6388 mod_status XSS moderate Fixed Fixed
CVE-2007-6421 mod_proxy_balancer XSS low Fixed Fixed
CVE-2007-6422 mod_proxy_balancer DoS low Fixed Fixed
CVE-2008-0005 mod_proxy_ftp UTF-7 XSS low Fixed Fixed
CVE-2008-2364 mod_proxy_http DoS moderate Fixed Fixed
CVE-2007-6420 mod_proxy_balancer CSRF low Fixed Fixed
CVE-2008-2939 mod_proxy_ftp globbing XSS low Fixed Fixed


Document Information

Modified date: 07 September 2020

UID: ibm11170946