PM08939: CVE-2010-0434 / CVE-2010-0408

Fixes are available

PM08939: IBM HTTP Server - CVE-2010-0434 / CVE-2010-0408
6.0.2.41: WebSphere Application Server V6.0.2 Fix Pack 41 for HP-UX platforms
6.0.2.41: WebSphere Application Server V6.0.2 Fix Pack 41 for AIX platforms
6.0.2.41: WebSphere Application Server V6.0.2 Fix Pack 41 for Solaris
6.0.2.41: WebSphere Application Server V6.0.2 Fix Pack 41 for Windows platforms
6.0.2.41:Java SDK 1.4.2 SR13 FP4 Cumulative Fix for WebSphere Application Server
6.0.2.41: WebSphere Application Server V6.0.2 Fix Pack 41 for Linux platforms
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for IBM i
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX
7.0.0.11: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Solaris
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Linux
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for AIX
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for HP-UX
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for HP-UX platforms
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for AIX
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for Solaris
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for Windows platforms
6.0.2.43:Java SDK 1.4.2 SR13 FP5 Cumulative Fix for WebSphere Application Server
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for Linux
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for AIX
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for HP-UX
6.1.0.31: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for AIX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for HP-UX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for IBM i
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Solaris
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Windows
7.0.0.13: Java SDK 1.6 SR8FP1 Cumulative Fix for WebSphere Application Server
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for AIX
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for HP-UX
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX
7.0.0.15: Java SDK 1.6 SR9 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for HP-UX
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for IBM i
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Linux
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Solaris
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Windows
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
7.0.0.17: WebSphere Application Server V7.0 Fix Pack 17
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
6.1.0.37: WebSphere Application Server V6.1 Fix Pack 37
6.1.0.39: WebSphere Application Server V6.1 Fix Pack 39
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: WebSphere Application Server V6.1 Fix Pack 41
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: WebSphere Application Server V6.1 Fix Pack 43
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: WebSphere Application Server V6.1 Fix Pack 45
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • CVE-2010-0434 / CVE-2010-0408
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM HTTP Server 6.0, 6.1, 7.0 users.        *
    *                  CVE-2010-0408 only affects V7 users that    *
    *                  are using WebSphere Application Server      *
    *                  Community Edition.                          *
    ****************************************************************
    * PROBLEM DESCRIPTION: Potential vulnerabilities:              *
    *                      CVE-2010-0434, CVE-2010-0408.           *
    ****************************************************************
    * RECOMMENDATION:  Apply this fix.                             *
    ****************************************************************
    CVE-2010-0434 and CVE-2010-0408.
    

Problem conclusion

  • A fix is being provided to resolve these potential
    vulnerabilities.
    
    This fix is targeted for IBM HTTP Server fixpacks:
    - 6.0.2.41
    - 6.1.0.31
    - 7.0.0.11
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM08939

  • Reported component name

    IBM HTTP SERVER

  • Reported component ID

    5724J0801

  • Reported release

    61A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-03-03

  • Closed date

    2010-03-18

  • Last modified date

    2010-03-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM HTTP SERVER

  • Fixed component ID

    5724J0801

Applicable component levels

  • R60A PSY

       UP

  • R60H PSY

       UP

  • R60I PSY

       UP

  • R60P PSY

       UP

  • R60S PSY

       UP

  • R60W PSY

       UP

  • R60Z PSY

       UP

  • R61A PSY

       UP

  • R61H PSY

       UP

  • R61I PSY

       UP

  • R61P PSY

       UP

  • R61S PSY

       UP

  • R61W PSY

       UP

  • R61Z PSY

       UP

  • R700 PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM HTTP Server
Runtime

Software version:

6.1

Reference #:

PM08939

Modified date:

2010-03-18

Translate my page

Machine Translation

Content navigation