IBM Support

PI91913: CVE-2018-1388 for IBM HTTP Server

Download


Abstract

CVE-2018-1388 for IBM HTTP Server

Download Description

PI91913 resolves the following problem:

ERROR DESCRIPTION:
Potential vulnerability from discrepencies between valid and invalid PKCS#1 padding in GSKit v7.

LOCAL FIX:

PROBLEM SUMMARY:
GSKit V7 may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding.

Note: The updated GSKit provided by this interim fix also includes fixes for these additional vulnerabilities:
- CVE-2017-3732
- CVE-2017-3736
- CVE-2018-1426
- CVE-2018-1427
- CVE-2018-1447

PROBLEM CONCLUSION:
The GSKit component was upgraded to 7.0.5.15

This fix is targeted for IBM HTTP Server fix packs:
- 7.0.0.45

Prerequisites

None

Installation Instructions

Please review the readme.txt that accompanies the fix download for detailed installation instructions.

On
[{"DNLabel":"7.0.0.0 - 7.0.0.43 AixPPC32","DNDate":"12 Mar 2018","DNLang":"US English","DNSize":"20971520","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm/WebSphere&product=ibm/WebSphere/WebSphere Application Server&release=All&platform=All&function=fixId&fixids=7.0.0.0-WS-WASIHS_GSKit-AixPPC32-IFPI91913&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.43 HpuxIA64","DNDate":"12 Mar 2018","DNLang":"US English","DNSize":"40028160","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm/WebSphere&product=ibm/WebSphere/WebSphere Application Server&release=All&platform=All&function=fixId&fixids=7.0.0.0-WS-WASIHS_GSKit-HpuxIA64-IFPI91913&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.43 HpuxPaRISC","DNDate":"12 Mar 2018","DNLang":"US English","DNSize":"27084800","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm/WebSphere&product=ibm/WebSphere/WebSphere Application Server&release=All&platform=All&function=fixId&fixids=7.0.0.0-WS-WASIHS_GSKit-HpuxPaRISC-IFPI91913&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.43 LinuxPPC32","DNDate":"12 Mar 2018","DNLang":"US English","DNSize":"16128000","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm/WebSphere&product=ibm/WebSphere/WebSphere Application Server&release=All&platform=All&function=fixId&fixids=7.0.0.0-WS-WASIHS_GSKit-LinuxPPC32-IFPI91913&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.43 LinuxS390","DNDate":"12 Mar 2018","DNLang":"US English","DNSize":"14233600","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm/WebSphere&product=ibm/WebSphere/WebSphere Application Server&release=All&platform=All&function=fixId&fixids=7.0.0.0-WS-WASIHS_GSKit-LinuxS390-IFPI91913&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.43 LinuxX32","DNDate":"12 Mar 2018","DNLang":"US English","DNSize":"14878720","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm/WebSphere&product=ibm/WebSphere/WebSphere Application Server&release=All&platform=All&function=fixId&fixids=7.0.0.0-WS-WASIHS_GSKit-LinuxX32-IFPI91913&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.43 SolarisSparc","DNDate":"12 Mar 2018","DNLang":"US English","DNSize":"18104320","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm/WebSphere&product=ibm/WebSphere/WebSphere Application Server&release=All&platform=All&function=fixId&fixids=7.0.0.0-WS-WASIHS_GSKit-SolarisSparc-IFPI91913&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.43 SolarisX64","DNDate":"12 Mar 2018","DNLang":"US English","DNSize":"25088000","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm/WebSphere&product=ibm/WebSphere/WebSphere Application Server&release=All&platform=All&function=fixId&fixids=7.0.0.0-WS-WASIHS_GSKit-SolarisX64-IFPI91913&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.43 WinX32","DNDate":"12 Mar 2018","DNLang":"US English","DNSize":"7003520","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm/WebSphere&product=ibm/WebSphere/WebSphere Application Server&release=All&platform=All&function=fixId&fixids=7.0.0.0-WS-WASIHS_GSKit-WinX32-IFPI91913&includeSupersedes=0","DNURL_FTP":" ","DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"IBM HTTP Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.0;7.0.0.1;7.0.0.11;7.0.0.13;7.0.0.15;7.0.0.17;7.0.0.19;7.0.0.21;7.0.0.23;7.0.0.25;7.0.0.27;7.0.0.29;7.0.0.3;7.0.0.31;7.0.0.33;7.0.0.35;7.0.0.37;7.0.0.39;7.0.0.41;7.0.0.43;7.0.0.5;7.0.0.7;7.0.0.9","Edition":"Advanced;Base;Enterprise;Network Deployment;Single Server","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24044636

Page Feedback