IBM Support

PI44809: CVE-2015-1788 for IBM HTTP Server

Download


Abstract

CVE-2015-1788 for IBM HTTP Server

Download Description

PI44809 resolves the following problem:

ERROR DESCRIPTION:
Potential denial of service in IBM HTTP Server due to GSKit vulnerability

LOCAL FIX:

PROBLEM SUMMARY:
Improperly handled ECParameters structures could allow an
attacker to exploit this vulnerability to cause the server to
enter an infinite loop causing a denial of service via a
session that uses an Elliptic Curve algorithm.

PROBLEM CONCLUSION:
The bundled GSKit is upgraded to the 8.0.50.47 version, in
which the vulnerability has been resolved.

This fix is targeted for IBM HTTP Server fix packs:
- 8.0.0.12
- 8.5.5.7

Prerequisites

None

Installation Instructions

Please review the readme file for detailed installation instructions.

The interim fix files can be installed using Installation Manager (IM) with the Web-based ("live") repository provided by IBM. It might be necessary to de-select the "Show recommended only" option within IM and to expand "Only fixes for version 8.x.y.z" to see the fix listed.
The interim fix is also available from Fix Central at the link listed in the Download Package section below.

Download Package

These fixes will upgrade your GSKit to 8.0.50.47.

On
[{"DNLabel":"8.5.0.0 - 8.5.5.3 MultiOS","DNDate":"10 Sep 2015","DNLang":"US English","DNSize":"156209209","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.0.0-WS-WASIHS_GSKit-MultiOS-IFPI44809&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.4 - 8.5.5.6 MultiOS","DNDate":"10 Sep 2015","DNLang":"US English","DNSize":"165501059","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.4-WS-WASIHS_GSKit-MultiOS-IFPI44809&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.0 - 8.0.0.11 MultiOS","DNDate":"10 Sep 2015","DNLang":"US English","DNSize":"156287299","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.0-WS-WASIHS_GSKit-MultiOS-IFPI44809&productid=WebSphere%20Application%20Server&brandid=5","DNURL_FTP":" ","DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"IBM HTTP Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5.5.6;8.5.5.5;8.5.5.4;8.5.5.3;8.5.5.2;8.5.5.1;8.5.5;8.5.0.2;8.5.0.1;8.5;8.0.0.9;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.2;8.0.0.11;8.0.0.10;8.0.0.1;8.0","Edition":"Advanced;Base;Enterprise;Network Deployment;Single Server","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24040686