Security Bulletin
Summary
IBM SmartCloud Entry has addressed the vulnerability in Apache HTTP. Following are the vulnerability details.
Vulnerability Details
CVEID: CVE-2017-9798
DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM Smart Cloud Entry 2.4, 3.1, and 3.2
Remediation/Fixes
|
Product | VRMF | APAR | Remediation/First Fix |
| IBM SmartCloud Entry | 3.2 | None | Contact IBM Support. |
| IBM SmartCloud Entry | 3.1 | None | |
| IBM SmartCloud Entry | 2.4 | None |
For all IBM Smart Cloud Entry releases, refer to information about the replacement program as per withdrawal announcement ENUS914-189. For information about the latest release of IBM Cloud Manager for Openstack, please see http://www-01.ibm.com/support/docview.wss?uid=isg400003605
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
Initial draft dated January 5 2018.
Second draft dated January 7 2018.
Third draft dated January 8 2018.
Fourth draft dated January 8 2018.
Version published:
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
18 July 2020
UID
isg3T1026177