
SE39219 - HTTPSVR - Patch Apache Vulnerability CVE 2008 2364

 APAR (Authorized Program Analysis Report)

Abstract

HTTPSVR - Patch Apache Vulnerability CVE 2008 2364

Error Description

Apache Vulnerability CVE-2008-2364, Apache mod_proxy HTTP Process Response Denial of Service. The Common Vulnerabilities and Exposures (CVE) entry says: The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

Problem Summary

Update IBM HTTP Server for iSeries to address the security vulnerabilities listed on the Apache Software Foundation website, to maintain PCI compliance.

Problem Conclusion

This PTF addresses security vulnerabilities in the IBM HTTP Server for iSeries (powered by Apache) to maintain PCI compliance.

Temporary Fix

Comments

This PTF addresses security vulnerabilities in the IBM HTTP Server for iSeries (powered by Apache) to maintain PCI compliance.

Circumvention


PTFs Available

R540 SI36619 PTF Cover Letter   1000

Affected Modules

         
         

Affected Publications

Summary Information

Status: CLOSED PER
HIPER: No
Component: 5722DG100
Failing Module: RCHMGR
Reported Release: R540
Duplicate Of:




Document information
 Product categories:
 Software
 Operating System
 i family of operating systems (formerly i5/OS family)
 APARs - i5/OS V5R4 environment
 Operating system(s):
  OS/400
 Software version:
  V5R4M0
 Reference #:
  86257655003C8E7A
 IBM Group:
 iSeries
 Modified date:
 2009-11-14
