IBM Support

PH14974: Multiple vulnerabilities in IBM HTTP Server (CVE-2018-20843, CVE-2019-10092, CVE-2019-10098)

Download


Downloadable File

File link File size File description

Abstract

Multiple vulnerabilities in IBM HTTP Server (CVE-2018-20843, CVE-2019-10092, CVE-2019-10098)

Download Description

PH14974 resolves the following problem:
ERROR DESCRIPTION:
CVE-2018-20843: libexpat is vulnerable to a denial of service, caused by an error in the XML parser.
CVE-2019-10092: Apache HTTP Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the mod_proxy error page.
CVE-2019-10098: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open rdirect vulnerability in the mod_rewrite module.
PROBLEM SUMMARY:
CVE-2019-10092, CVE-2019-10098, CVE-2018-20843 in IBM HTTP Server.
PROBLEM CONCLUSION:
IHS was updated to prevent the vulnerable conditions.
This fix is targeted for IBM HTTP Server fix packs:
- 8.5.5.17
- 9.0.5.1

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V90 Readme 2427
V90 Archive Readme 1799
V85 Readme 2350
V80 Readme 2341
V70 Readme 5347

Download Package

DOWNLOAD RELEASE DATE SIZE(Bytes)

DOWNLOAD Options

What is Fix Central(FC)?

9.0.0.11-WS-WASIHS-IFPH14974 09-17-2019 17249837 FC
9.0.5.0-WS-WASIHS-IFPH14974 09-17-2019 16336000 FC
9.0.5.0-WS-WASIHS_Archive-AixPPC64-IFPH14974 09-17-2019 28016520 FC
9.0.5.0-WS-WASIHS_Archive-LinuxPPC64LE-IFPH14974 09-17-2019 26500078 FC
9.0.5.0-WS-WASIHS_Archive-LinuxS39064-IFPH14974 09-17-2019 27376359 FC
9.0.5.0-WS-WASIHS_Archive-LinuxX64-IFPH14974 09-17-2019 25552909 FC
9.0.5.0-WS-WASIHS_Archive-WinX32-IFPH14974 09-17-2019 26525458 FC
9.0.5.0-WS-WASIHS_Archive-WinX64-IFPH14974 09-17-2019 27407321 FC
8.5.5.16-WS-WASIHS-IFPH14974 09-17-2019 18829766 FC
8.5.5.15-WS-WASIHS-IFPH14974 09-17-2019 19789431 FC
8.0.0.15-WS-WASIHS-IFPH14974 09-17-2019 80999137 FC
7.0.0.45-WS-WASIHS-AixPPC32-IFPH14974 09-17-2019 4119863 FC
7.0.0.45-WS-WASIHS-HpuxIA64-IFPH14974 09-17-2019 9724296 FC
7.0.0.45-WS-WASIHS-HpuxPaRISC-IFPH14974 09-17-2019 3940916 FC
7.0.0.45-WS-WASIHS-LinuxPPC32-IFPH14974 09-17-2019 3183316 FC
7.0.0.45-WS-WASIHS-LinuxS390-IFPH14974 09-17-2019 3179755 FC
7.0.0.45-WS-WASIHS-LinuxX32-IFPH14974 09-17-2019 2870613 FC
7.0.0.45-WS-WASIHS-SolarisSparc-IFPH14974 09-17-2019 4470449 FC
7.0.0.45-WS-WASIHS-SolarisX64-IFPH14974 09-17-2019 3081318 FC
7.0.0.45-WS-WASIHS-WinX32-IFPH14974 09-17-2019 5508396 FC

Problems Solved

PH14974

On

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"IBM HTTP Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"7.0.0.45;8.0.0.15;8.5.5.15;8.5.5.16;9.0.0.11;9.0.5.0","Edition":"Advanced,Base,Enterprise,Network Deployment,Single Server","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
18 September 2019

UID

ibm11074154