QID 378372
Date Published: 2023-06-19
QID 378372: IBM Hypertext Transfer Protocol (HTTP) Server Multiple Vulnerabilities (6955577)
There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server and Apache Portable Runtime.
CVE-2022-28331 : Apache Portable Runtime (APR) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the apr_socket_sendv() function.
CVE-2022-36760 : Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP Requests vulnerability in mod_proxy_ajp.
CVE-2022-37436 : Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by the use of a malicious backend by mod_proxy.
CVE-2006-20001 : Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in mod_dav.
CVE-2022-25147 : Apache Portable Runtime (APR) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the apr_base64 functions.
Affected Versions:
IBM HTTP Server V9.0.0.0 through 9.0.5.14
IBM HTTP Server V8.5.0.0 through 8.5.5.23
QID Detection Logic (Authenticated):
Operating System: Windows
The QID checks the key "HKLM\SYSTEM\CurrentControlSet\Services" to determine whether a vulnerable version of IBM HTTP Server is installed on the host.
This QID is marked as Practice because a mitigation is available in the advisory.
QID Detection Logic (Authenticated):
Operating System: Linux
The QID checks for a vulnerable version of IBM HTTP Server. "version.signature" is used to verify the installed version.
A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked.
Reference: 6955577 - www.ibm.com/support/pages/node/6955577
CVEs related to QID 378372
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| 6955577 | IBM HTTP Server | | www.ibm.com/support/pages/node/6955577 |