PM89996: mod_dav vulnerability (CVE-2013-1896)

Download

Abstract

CVE-2013-1896: mod_dav vulnerability

Download Description

PM89996 resolves the following problem:

ERROR DESCRIPTION:
IBM HTTP Server may be vulnerable to a denial of service,
caused by a malicious request when using the optional mod_dav
module.

USERS AFFECTED:
IBM HTTP Server users that are using the optional mod_dav module.

LOCAL FIX:
None

RECOMMENDATION:
Apply this fix if using the mod_dav module.

PROBLEM SUMMARY:
A denial of service can potentially be caused by a malicious
DAV request.

PROBLEM CONCLUSION:
This fix is targeted for IBM HTTP Server fix packs:
- 6.1.0.47
- 7.0.0.31
- 8.0.0.7
- 8.5.5.1

Note: For the 8.x versions, this interim fix can also be installed using Install Manager (IM) with the
Web-based ("live") repository provided by IBM.

Prerequisites

UpdateInstaller is used for the pre-8.x interim fixes.

[{"PRLabel":"UpdateInstaller","PRLang":"US English","PRSize":"7250000","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991"}]

          [{"DNLabel":"8.0.0.0 - 8.0.0.6 distributed platforms","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"1671535","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.0-WS-WASIHS-MultiOS-IFPM89996&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.0.0 - 8.5.0.2 distributed platforms","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"1621428","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.0-WS-WASIHS-MultiOS-IFPM89996&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.0 distributed platforms","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"1588420","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.5.0-WS-WASIHS-MultiOS-IFPM89996&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.29 AixPPC32","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"84095","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.0-WS-WASIHS-AixPPC32-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.29 HpuxIA64","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"270030","DNPlat":{"label":"HP-UX","code":"PF010"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.0-WS-WASIHS-HpuxIA64-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.29 HpuxPaRISC","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"83514","DNPlat":{"label":"HP-UX","code":"PF010"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.0-WS-WASIHS-HpuxPaRISC-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.29 LinuxPPC32","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"74722","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.0-WS-WASIHS-LinuxPPC32-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.29 LinuxS390","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"70411","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.0-WS-WASIHS-LinuxS390-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.29 LinuxX32","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"66415","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.0-WS-WASIHS-LinuxX32-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.29 SolarisSparc","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"93231","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.0-WS-WASIHS-SolarisSparc-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.29 SolarisX64","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"70749","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.0-WS-WASIHS-SolarisX64-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.0 - 7.0.0.29 WinX32","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"164542","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.0-WS-WASIHS-WinX32-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.1.0.43 - 6.1.0.45 AixPPC32","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"83008","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.43-WS-WASIHS-AixPPC32-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.1.0.43 - 6.1.0.45 HpuxIA64","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"266864","DNPlat":{"label":"HP-UX","code":"PF010"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.43-WS-WASIHS-HpuxIA64-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.1.0.43 - 6.1.0.45 HpuxPaRISC","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"82266","DNPlat":{"label":"HP-UX","code":"PF010"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.43-WS-WASIHS-HpuxPaRISC-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.1.0.43 - 6.1.0.45 LinuxPPC32","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"74898","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.43-WS-WASIHS-LinuxPPC32-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.1.0.43 - 6.1.0.45 LinuxS390","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"66045","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.43-WS-WASIHS-LinuxS390-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.1.0.43 - 6.1.0.45 LinuxX32","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"64139","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.43-WS-WASIHS-LinuxX32-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.1.0.43 - 6.1.0.45 SolarisSparc","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"89693","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.43-WS-WASIHS-SolarisSparc-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.1.0.43 - 6.1.0.45 SolarisX64","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"69519","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.43-WS-WASIHS-SolarisX64-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.1.0.43 - 6.1.0.45 WinX32","DNDate":"23 Aug 2013","DNLang":"US English","DNSize":"161849","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.43-WS-WASIHS-WinX32-IFPM89996&source=dbluesearch&product=ibm%2FWebSphere%2FWebSphere+Application+Server","DNURL_FTP":" ","DDURL":null}]
          

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"IBM HTTP Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5.5;8.5.0.2;8.5.0.1;8.5;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.2;8.0.0.1;8.0;7.0.0.9;7.0.0.7;7.0.0.5;7.0.0.3;7.0.0.29;7.0.0.27;7.0.0.25;7.0.0.23;7.0.0.21;7.0.0.19;7.0.0.17;7.0.0.15;7.0.0.13;7.0.0.11;7.0;6.1.0.45;6.1.0.43","Edition":"Base","Line of Business":{"code":"LOB45","label":"Automation"}}]

Problems (APARS) fixed
PM89996

Was this topic helpful?

Document Information

Modified date:
15 June 2018

UID

swg24035617

Tips