IBM HTTP Server PQ86671 and PQ85834 Fixes Released - Multiple Vulnerabilities Fixed
BID:10091
Info
IBM HTTP Server PQ86671 and PQ85834 Fixes Released - Multiple Vulnerabilities Fixed
| Bugtraq ID: | 10091 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2004 12:00AM |
| Updated: | Jun 02 2006 03:47PM |
| Credit: | These fixes were released by IBM. |
| Vulnerable: |
IBM HTTP Server 2.0.47 IBM HTTP Server 2.0.42 .2 IBM HTTP Server 1.3.28 IBM HTTP Server 1.3.26 .2 IBM HTTP Server 1.3.26 .1 IBM HTTP Server 1.3.26 IBM HTTP Server 1.3.19 .5 IBM HTTP Server 1.3.19 .4 IBM HTTP Server 1.3.19 .3 IBM HTTP Server 1.3.19 .2 IBM HTTP Server 1.3.19 .1 IBM HTTP Server 1.3.19 IBM HTTP Server 1.3.12 .7 IBM HTTP Server 1.3.12 .6 IBM HTTP Server 1.3.12 .5 IBM HTTP Server 1.3.12 .4 IBM HTTP Server 1.3.12 .3 IBM HTTP Server 1.3.12 .2 IBM HTTP Server 1.3.12 .1 IBM HTTP Server 1.3.12 |
| Not Vulnerable: | |
Discussion
IBM HTTP Server PQ86671 and PQ85834 Fixes Released - Multiple Vulnerabilities Fixed
IBM has announced the release of PQ86671 and PQ85834 cumulative fixes to address various issues in IBM HTTP Server.
PQ86671 has been released to address an unspecified denial-of-service issue in SSL. Reportedly, this issue concerns certain malformed SSL records that may lead to a denial of service. Although unconfirmed, this fix may address the issue described in BID 8746 (OpenSSL SSLv2 Client_Master_Key Remote Denial Of Service Vulnerability) or BID 8732 (OpenSSL ASN.1 Parsing Vulnerabilities). PQ86671 has been released for these IBM HTTP Server versions:
1.3.12
1.3.12.1
1.3.12.2
1.3.12.3
1.3.12.4
1.3.12.5
1.3.12.6
1.3.12.7
1.3.19
1.3.19.1
1.3.19.2
1.3.19.3
1.3.19.4
1.3.19.5
1.3.26
1.3.26.1
1.3.26.2
1.3.28.
PQ85834 has been released to address multiple issues affecting IBM HTTP Server as well. Although the issues addressed by this fix may be new, older issues have been fixed as well. PQ85834 has been released for IBM HTTP Server 2.0.42.2 and 2.0.47.
IBM has announced the release of PQ86671 and PQ85834 cumulative fixes to address various issues in IBM HTTP Server.
PQ86671 has been released to address an unspecified denial-of-service issue in SSL. Reportedly, this issue concerns certain malformed SSL records that may lead to a denial of service. Although unconfirmed, this fix may address the issue described in BID 8746 (OpenSSL SSLv2 Client_Master_Key Remote Denial Of Service Vulnerability) or BID 8732 (OpenSSL ASN.1 Parsing Vulnerabilities). PQ86671 has been released for these IBM HTTP Server versions:
1.3.12
1.3.12.1
1.3.12.2
1.3.12.3
1.3.12.4
1.3.12.5
1.3.12.6
1.3.12.7
1.3.19
1.3.19.1
1.3.19.2
1.3.19.3
1.3.19.4
1.3.19.5
1.3.26
1.3.26.1
1.3.26.2
1.3.28.
PQ85834 has been released to address multiple issues affecting IBM HTTP Server as well. Although the issues addressed by this fix may be new, older issues have been fixed as well. PQ85834 has been released for IBM HTTP Server 2.0.42.2 and 2.0.47.
Exploit / POC
IBM HTTP Server PQ86671 and PQ85834 Fixes Released - Multiple Vulnerabilities Fixed
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
IBM HTTP Server PQ86671 and PQ85834 Fixes Released - Multiple Vulnerabilities Fixed
Solution:
IBM has addressed these issues. Administrators should upgrade at the earliest possible convenience.
Please see the documentation provided by IBM for instructions on how to upgrade.
IBM HTTP Server 1.3.12 .5
IBM HTTP Server 1.3.12 .7
IBM HTTP Server 1.3.12 .2
IBM HTTP Server 1.3.12 .6
IBM HTTP Server 1.3.12 .1
IBM HTTP Server 1.3.12 .4
IBM HTTP Server 1.3.12 .3
IBM HTTP Server 1.3.12
IBM HTTP Server 1.3.19 .1
IBM HTTP Server 1.3.19 .3
IBM HTTP Server 1.3.19 .4
IBM HTTP Server 1.3.19 .2
IBM HTTP Server 1.3.19
IBM HTTP Server 1.3.19 .5
IBM HTTP Server 1.3.26
IBM HTTP Server 1.3.26 .1
IBM HTTP Server 1.3.26 .2
IBM HTTP Server 1.3.28
IBM HTTP Server 2.0.42 .2
IBM HTTP Server 2.0.47
Solution:
IBM has addressed these issues. Administrators should upgrade at the earliest possible convenience.
Please see the documentation provided by IBM for instructions on how to upgrade.
IBM HTTP Server 1.3.12 .5
IBM HTTP Server 1.3.12 .7
IBM HTTP Server 1.3.12 .2
IBM HTTP Server 1.3.12 .6
IBM HTTP Server 1.3.12 .1
IBM HTTP Server 1.3.12 .4
IBM HTTP Server 1.3.12 .3
IBM HTTP Server 1.3.12
IBM HTTP Server 1.3.19 .1
IBM HTTP Server 1.3.19 .3
IBM HTTP Server 1.3.19 .4
IBM HTTP Server 1.3.19 .2
IBM HTTP Server 1.3.19
IBM HTTP Server 1.3.19 .5
IBM HTTP Server 1.3.26
IBM HTTP Server 1.3.26 .1
IBM HTTP Server 1.3.26 .2
IBM HTTP Server 1.3.28
IBM HTTP Server 2.0.42 .2
IBM HTTP Server 2.0.47
References
IBM HTTP Server PQ86671 and PQ85834 Fixes Released - Multiple Vulnerabilities Fixed
References:
References: