Fixes are available
APAR status
Closed as program error.
Error description
This APAR resolves IHS vulnerabilities in several optional modules.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM HTTP Server that use the * * optional mod_info, mod_ldap, mod_status, * * mod_imagemap, mod_proxy_ftp, or * * mod_proxy_balancer modules. * **************************************************************** * PROBLEM DESCRIPTION: XSS flaws due to unescaped hostnames * * and URIs HTML output in several * * optional IHS modules. * **************************************************************** * RECOMMENDATION: Apply the fix. * **************************************************************** Cross-site scripting vulnerabilities: - CVE-2012-3499 - CVE-2012-4558
Problem conclusion
The affected modules were updated to resolve the exposures. This fix is targeted for IBM HTTP Server fixpacks: - 6.1.0.47 - 7.0.0.29 - 8.0.0.6 - 8.5.0.2
Temporary fix
Comments
APAR Information
APAR number
PM80058
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-01-07
Closed date
2013-02-19
Last modified date
2013-02-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801
Applicable component levels
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
R700 PSY
UP
R800 PSY
UP
R850 PSY
UP
Rate this page:
Average rating
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.