IBM Support

PI09345: CVE-2013-6438: IBM HTTP Server mod_dav potential vulnerability

Downloadable files


Abstract

There is the potential for a denial of service due to a vulnerability in the IBM HTTP Server mod_dav module.

Download Description

PI09345 resolves the following problem:

ERROR DESCRIPTION:
A vulnerability in the mod_dav module could result in a denial of service.

z/OS is not affected.


PROBLEM SUMMARY:
Potential vulnerability for IBM HTTP Server.

PROBLEM CONCLUSION:
The module was updated to resolve the vulnerability.

This fix is targeted for IBM HTTP Server fixpacks:
- 7.0.0.33
- 8.0.0.9
- 8.5.5.2

Prerequisites

UpdateInstaller is required for IHS 7.0 and 6.1 interim fixes.

| URL | Language | Size (bytes) |
| --- | --- | --- |
| UpdateInstaller | English | 7250000 |

Download package

The fix for IHS 6.1 is included in the PI17025 cumulative interim fix for 6.1.0.47: http://www-01.ibm.com/support/docview.wss?uid=swg24037517


| Download | Release date | Language | Size (bytes) | Download options |
| --- | --- | --- | --- | --- |
| 8.5.0.0 - 8.5.5.2 Distributed platforms | 15 May 2014 | US English | 1655660 | FC DD |
| 8.0.0.0 - 8.0.0.8 Distributed platforms | 15 May 2014 | US English | 1702283 | FC DD |
| 7.0.0.0 - 7.0.0.31 AixPPC32 | 15 May 2014 | US English | 84043 | FC DD |
| 7.0.0.0 - 7.0.0.31 HpuxIA64 | 15 May 2014 | US English | 269928 | FC DD |
| 7.0.0.0 - 7.0.0.31 HpuxPaRISC | 15 May 2014 | US English | 83446 | FC DD |
| 7.0.0.0 - 7.0.0.31 LinuxPPC32 | 15 May 2014 | US English | 74624 | FC DD |
| 7.0.0.0 - 7.0.0.31 LinuxS390 | 15 May 2014 | US English | 70346 | FC DD |
| 7.0.0.0 - 7.0.0.31 LinuxX32 | 15 May 2014 | US English | 66338 | FC DD |
| 7.0.0.0 - 7.0.0.31 SolarisSparc | 15 May 2014 | US English | 93108 | FC DD |
| 7.0.0.0 - 7.0.0.31 SolarisX64 | 15 May 2014 | US English | 70674 | FC DD |
| 7.0.0.0 - 7.0.0.31 WinX32 | 15 May 2014 | US English | 164448 | FC DD |

Problems (APARS) fixed
PI09345

Document information

More support for: IBM HTTP Server
Base Server

Software version: 6.1.0.47, 7.0, 8.0, 8.5, 8.5.5

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Reference #: 4037538

Modified date: 16 May 2014