CVE-2015-4947 for IBM HTTP Server Administration Server
PI44793 resolves the following problem:
ERROR DESCRIPTION:
A vulnerability in the IBM HTTP Server Admin Server could allow a denial of service or remote code execution attack from malicious authenticated requests.
PROBLEM SUMMARY:
Improper handling of user input by the IHS Admin Server can result in a stack-allocated buffer being overrun as a result of a malicious request. This can only happen on an authenticated request.
PROBLEM CONCLUSION:
The IHS Admin Server was updated to prevent the potential buffer overflow condition.
This fix is targeted for IBM HTTP Server fix packs:
- 7.0.0.39
- 8.0.0.12
- 8.5.5.7
UpdateInstaller is required for IHS 7.0 and 6.1 interim fixes.
- UpdateInstaller (US English, size 7250000): http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991
For IHS 8.0 and 8.5.5, the interim fix can be installed using Installation Manager (IM) with the Web-based ("live") repository provided by IBM. It might be necessary to de-select the "Show recommended only" option within IM and to expand "Only fixes for version 8.x.y.z" to see the fix listed.
The interim fix is also available from Fix Central at the link listed in the Download Package section below.
The 6.1 version of this fix is included in the PI45596 cumulative interim fix.
On
Download Package:
- 8.5.5.4 - 8.5.5.6 Distributed platforms (28 Aug 2015, US English, size 736803): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.4-WS-WASIHS-MultiOS-IFPI44793&productid=WebSphere Application Server&brandid=5
- 8.0.0.9 - 8.0.0.11 Distributed platforms (31 Aug 2015, US English, size 16233): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.9-WS-WASIHS-MultiOS-IFPI44793&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 AixPPC32 (31 Aug 2015, US English, size 29926): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-AixPPC32-IFPI44793&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 HpuxIA64 (31 Aug 2015, US English, size 54848): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-HpuxIA64-IFPI44793&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 HpuxPaRISC (31 Aug 2015, US English, size 41466): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-HpuxPaRISC-IFPI44793&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 LinuxPPC32 (31 Aug 2015, US English, size 68678): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-LinuxPPC32-IFPI44793&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 LinuxS390 (31 Aug 2015, US English, size 69879): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-LinuxS390-IFPI44793&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 LinuxX32 (31 Aug 2015, US English, size 65092): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-LinuxX32-IFPI44793&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 SolarisSparc (31 Aug 2015, US English, size 27213): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-SolarisSparc-IFPI44793&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 SolarisX64 (31 Aug 2015, US English, size 36691): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-SolarisX64-IFPI44793&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 WinX32 (31 Aug 2015, US English, size 16233): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-WinX32-IFPI44793&productid=WebSphere Application Server&brandid=5
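The fix pack targets and interim fix ranges on this page can be turned into an inventory check. The following is an added example, not IBM code: the function name, status strings and sample inventory are hypothetical, and it assumes fix packs are cumulative, so any level at or above the targeted fix pack already contains PI44793.

```python
# Added example (not IBM code): triage IHS levels against the levels on this page.
# Assumption: fix packs are cumulative, so a level at or above the targeted
# fix pack already contains the PI44793 change.

# Targeted fix pack per release branch ("This fix is targeted for ...").
FIX_PACK = {(7, 0, 0): 39, (8, 0, 0): 12, (8, 5, 5): 7}

# Interim fix coverage per branch: (lowest level, highest level, fix ID),
# taken from the download entries; <platform> differs per 7.0 package.
INTERIM = {
    (7, 0, 0): (33, 37, "7.0.0.33-WS-WASIHS-<platform>-IFPI44793"),
    (8, 0, 0): (9, 11, "8.0.0.9-WS-WASIHS-MultiOS-IFPI44793"),
    (8, 5, 5): (4, 6, "8.5.5.4-WS-WASIHS-MultiOS-IFPI44793"),
}


def triage(version):
    """Return (status, detail) for an IHS version string such as '8.5.5.6'."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"expected a four-part version, got {version!r}")
    v, r, m, f = (int(p) for p in parts)
    if (v, r) == (6, 1):
        # The page says the 6.1 fix ships in a separate cumulative interim fix.
        return ("cumulative-interim-fix", "PI45596")
    branch = (v, r, m)
    if branch not in FIX_PACK:
        return ("not-covered", "release branch is not listed on this page")
    target = f"{v}.{r}.{m}.{FIX_PACK[branch]}"
    if f >= FIX_PACK[branch]:
        return ("fixed", f"at or above fix pack {target}")
    low, high, fix_id = INTERIM[branch]
    if low <= f <= high:
        return ("interim-fix", fix_id)
    return ("no-interim-fix-listed", f"upgrade to fix pack {target}")


if __name__ == "__main__":
    # Constructed inventory: host names and levels are made up for illustration.
    inventory = {"web01": "8.5.5.6", "web02": "8.0.0.12",
                 "web03": "7.0.0.31", "web04": "6.1.0.47"}
    for host, level in sorted(inventory.items()):
        status, detail = triage(level)
        print(f"{host}\t{level}\t{status}\t{detail}")
```

Hosts reported as `no-interim-fix-listed` sit below the lowest level for which this page offers an interim fix, so the fix pack upgrade is the only remediation the page supports for them.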
Product: WebSphere Application Server
Component: General
Platform: AIX, HP-UX, Linux, Solaris, Windows
Version: 8.5.5.6; 8.5.5.5; 8.5.5.4; 8.0.0.9; 8.0.0.11; 8.0.0.10; 7.0.0.37; 7.0.0.35; 7.0.0.33
Edition: Advanced; Base; Enterprise; Network Deployment; Single Server