Download
Abstract
CVE-2015-1788 for IBM HTTP Server
Download Description
PI44809 resolves the following problem:
ERROR DESCRIPTION:
Potential denial of service in IBM HTTP Server due to GSKit vulnerability
LOCAL FIX:
PROBLEM SUMMARY:
Improperly handled ECParameters structures could allow an
attacker to exploit this vulnerability to cause the server to
enter an infinite loop causing a denial of service via a
session that uses an Elliptic Curve algorithm.
PROBLEM CONCLUSION:
The bundled GSKit is upgraded to the 8.0.50.47 version, in
which the vulnerability has been resolved.
This fix is targeted for IBM HTTP Server fix packs:
- 8.0.0.12
- 8.5.5.7
Prerequisites
None
Installation Instructions
Please review the readme file for detailed installation instructions.
The interim fix files can be installed using Installation Manager (IM) with the Web-based ("live") repository provided by IBM. It might be necessary to de-select the "Show recommended only" option within IM and to expand "Only fixes for version 8.x.y.z" to see the fix listed.
The interim fix is also available from Fix Central at the link listed in the Download Package section below.
Download Package
These fixes will upgrade your GSKit to 8.0.50.47.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24040686