IBM Support

PH21992: Multiple vulnerabilities in IBM HTTP Server (CVE-2020-1927, CVE-2020-1934)

Abstract

Multiple vulnerabilities in IBM HTTP Server (CVE-2020-1927, CVE-2020-1934)

Download Description

PH21992 resolves the following problem:

ERROR DESCRIPTION:
CVE-2020-1927: IBM HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module.
CVE-2020-1934: IBM HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by the use of an uninitialized value in mod_proxy_ftp.

PROBLEM SUMMARY:
CVE-2020-1927, CVE-2020-1934 in IBM HTTP Server.

PROBLEM CONCLUSION:
IHS was updated to resolve the vulnerabilities.
This fix is targeted for IBM HTTP Server fix packs:
- 8.5.5.18
- 9.0.5.4

Prerequisites

Download the UpdateInstaller below to install this fix.

URL SIZE(Bytes)
UpdateInstaller 7250000

Installation Instructions

Review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V70 Readme 5199
V80 Readme 2193
V85 Readme 2211
V90 Readme 2285
V90 Archive Readme 1658

Download Package

DOWNLOAD  RELEASE DATE  SIZE(Bytes)  DOWNLOAD Options (FC = Fix Central)
9.0.5.3-WS-WASIHS-IFPH21992 13 April 2020 10450129 FC
9.0.5.2-WS-WASIHS-IFPH21992 13 April 2020 10450099 FC
9.0.5.1-WS-WASIHS-IFPH21992 13 April 2020 10450077 FC
8.5.5.17-WS-WASIHS-IFPH21992 13 April 2020 12231423 FC
8.5.5.16-WS-WASIHS-IFPH21992 13 April 2020 20256946 FC
8.5.5.15-WS-WASIHS-IFPH21992 13 April 2020 21216227 FC
8.0.0.15-WS-WASIHS-IFPH21992 13 April 2020 81173391 FC
7.0.0.45-WS-WASIHS-AixPPC32-IFPH21992 13 April 2020 4129644 FC
7.0.0.45-WS-WASIHS-HpuxIA64-IFPH21992 13 April 2020 9743455 FC
7.0.0.45-WS-WASIHS-HpuxPaRISC-IFPH21992 13 April 2020 3951496 FC
7.0.0.45-WS-WASIHS-LinuxPPC32-IFPH21992 13 April 2020 3195276 FC
7.0.0.45-WS-WASIHS-LinuxS390-IFPH21992 13 April 2020 3193401 FC
7.0.0.45-WS-WASIHS-LinuxX32-IFPH21992 13 April 2020 2882618 FC
7.0.0.45-WS-WASIHS-SolarisSparc-IFPH21992 13 April 2020 4471179 FC
7.0.0.45-WS-WASIHS-SolarisX64-IFPH21992 13 April 2020 3090773 FC
7.0.0.45-WS-WASIHS-WinX32-IFPH21992 13 April 2020 5398804 FC
9.0.5.3-WS-WASIHS_Archive-AixPPC64-IFPH21992 13 April 2020 28134436 FC
9.0.5.3-WS-WASIHS_Archive-LinuxPPC64LE-IFPH21992 13 April 2020 26566668 FC
9.0.5.3-WS-WASIHS_Archive-LinuxS39064-IFPH21992 13 April 2020 27549522 FC
9.0.5.3-WS-WASIHS_Archive-LinuxX64-IFPH21992 13 April 2020 25659811 FC
9.0.5.3-WS-WASIHS_Archive-WinX32-IFPH21992 13 April 2020 26578262 FC
9.0.5.3-WS-WASIHS_Archive-WinX64-IFPH21992 13 April 2020 27472573 FC
9.0.5.2-WS-WASIHS_Archive-AixPPC64-IFPH21992 13 April 2020 28134103 FC
9.0.5.2-WS-WASIHS_Archive-LinuxPPC64LE-IFPH21992 13 April 2020 26566445 FC
9.0.5.2-WS-WASIHS_Archive-LinuxS39064-IFPH21992 13 April 2020 27549196 FC
9.0.5.2-WS-WASIHS_Archive-LinuxX64-IFPH21992 13 April 2020 25659686 FC
9.0.5.2-WS-WASIHS_Archive-WinX32-IFPH21992 13 April 2020 26578035 FC
9.0.5.2-WS-WASIHS_Archive-WinX64-IFPH21992 13 April 2020 27472162 FC

Problems Solved

PH21992

Technical Support

Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

Document Information

Modified date:
15 April 2020

UID

ibm16189831