QID 87487
Date Published: 2022-06-01
QID 87487: IBM Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (6560814)
IBM HTTP Server powered by Apache is based on the Apache HTTP Server available for multiple platforms.
CVE-2022-25236 - libexpat is vulnerable to a denial of service, caused by improper protection against insertion of namesep characters into namespace URIs in xmlparse.c.
CVE-2022-25235 - libexpat is vulnerable to a denial of service, caused by improper input validation in xmltok_impl.c.
CVE-2022-25313 - libexpat is vulnerable to a denial of service, caused by stack exhaustion in build_model. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability using a large nesting depth in the DTD element to cause a denial of service.
CVE-2022-25315 - libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in storeRawNames.
Affected Versions:
IBM HTTP Server V9.0.0.0 through 9.0.5.10
IBM HTTP Server V8.5.0.0 through 8.5.5.21
IBM HTTP Server V8.0.0.0 through 8.0.0.15
IBM HTTP Server V7.0.0.0 through 7.0.0.45
QID Detection Logic (Un-Authenticated):
This check looks for a vulnerable version of IBM HTTP Server.
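A version check of this kind can be sketched as follows. This is an added example, not Qualys's or IBM's code: the `IBM_HTTP_Server/<version>` banner format and the sample banners are assumptions, and the ranges are the ones listed under Affected Versions on this page.

```python
import re

# Affected ranges copied from the "Affected Versions" list on this page.
AFFECTED = [
    ((9, 0, 0, 0), (9, 0, 5, 10)),
    ((8, 5, 0, 0), (8, 5, 5, 21)),
    ((8, 0, 0, 0), (8, 0, 0, 15)),
    ((7, 0, 0, 0), (7, 0, 0, 45)),
]

# Assumption: the Server header carries a token such as
# "IBM_HTTP_Server/9.0.5.10 (Unix)"; the version part may be absent.
BANNER_RE = re.compile(r"IBM_HTTP_Server(?:/(\d+(?:\.\d+)*))?")


def classify(banner):
    """Classify a Server header value against the ranges on this page.

    Returns "not-ihs", "unknown", "affected" or "not-affected".
    """
    match = BANNER_RE.search(banner)
    if match is None:
        return "not-ihs"
    if match.group(1) is None:
        # Product name only: the version is hidden, so nothing can be concluded.
        return "unknown"
    version = tuple(int(part) for part in match.group(1).split("."))
    if len(version) != 4:
        # A truncated version (e.g. "9.0") cannot be placed inside a
        # four-part range without guessing, so report it as unknown.
        return "unknown"
    for low, high in AFFECTED:
        if low <= version <= high:
            return "affected"
    return "not-affected"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for sample in (
        "IBM_HTTP_Server/9.0.5.10 (Unix)",
        "IBM_HTTP_Server/9.0.5.11 (Unix)",
        "IBM_HTTP_Server",
        "Apache/2.4.52 (Unix)",
    ):
        print(f"{sample!r}: {classify(sample)}")
```

An "unknown" result means the banner did not expose a full four-part version, so the host needs an authenticated or manual check rather than being treated as clean.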
A remote attacker could exploit this vulnerability to obtain sensitive information, escalate privileges or cause a denial of service.
- Security Bulletin 6560814: www.ibm.com/support/pages/node/6560814
CVEs related to QID 87487
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| 6560814 | | | |