IBM Support

PI54962: CVE-2016-0201 for IBM HTTP Server

Download


Abstract

CVE-2016-0201 for IBM HTTP Server

Download Description

PI54962 resolves the following problem:

ERROR DESCRIPTION:
Potential information exposure in IBM HTTP Server due to GSKit vulnerability.

LOCAL FIX:

PROBLEM SUMMARY:
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit this vulnerability to obtain authentication credentials.

PROBLEM CONCLUSION:
The bundled GSKit is upgraded to the 8.0.50.57 version, in which the vulnerability has been resolved.

This fix is targeted for IBM HTTP Server fix packs:
- 8.0.0.13
- 8.5.5.9

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

The interim fix files can be installed using Installation Manager (IM) with the Web-based ("live") repository provided by IBM. It might be necessary to de-select the "Show recommended only" option within IM and to expand "Only fixes for version 8.x.y.z" to see the fix listed.
The interim fix is also available from Fix Central at the link listed in the Download Package section below.

Download Package

These fixes will upgrade your GSKit to 8.0.50.57.
Note: This iFix includes the fix for PI52395 (which resolves the CVE-2015-7420 GSKit vulnerability).

- 8.0.0.10 - 8.0.0.11 MultiOS (date: 27 Jan 2016; language: US English; platform: AIX; size: 315201756)
  http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.10-WS-WASIHS_GSKit-MultiOS-IFPI54962&productid=WebSphere Application Server&brandid=5
- 8.5.5.7 - 8.5.5.8 MultiOS (date: 27 Jan 2016; language: US English; platform: AIX; size: 335604822)
  http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.7-WS-WASIHS_GSKit-MultiOS-IFPI54962&productid=WebSphere Application Server&brandid=5
- 8.0.0.12 MultiOS (date: 1 Feb 2016; language: US English; platform: AIX; size: 157706722)
  http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.12-WS-WASIHS_GSKit-MultiOS-IFPI54962&productid=WebSphere Application Server&brandid=5
- 8.0.0.0 - 8.0.0.9 MultiOS (date: 3 Feb 2016; language: US English; platform: AIX; size: 157886281)
  http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.0-WS-WASIHS_GSKit-MultiOS-IFPI54962&productid=WebSphere Application Server&brandid=5
- 8.5.5.4 - 8.5.5.6 MultiOS (date: 3 Feb 2016; language: US English; platform: AIX; size: 167959384)
  http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.4-WS-WASIHS_GSKit-MultiOS-IFPI54962&productid=WebSphere Application Server&brandid=5
- 8.5.0.0 - 8.5.5.3 MultiOS (date: 3 Feb 2016; language: US English; platform: AIX; size: 157849448)
  http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.0.0-WS-WASIHS_GSKit-MultiOS-IFPI54962&productid=WebSphere Application Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Business Unit: Cloud & Data Platform
Component: IBM HTTP Server
Platform: AIX, HP-UX, Linux, Solaris, Windows
Version: 8.5.5.7; 8.5.5.6; 8.5.5.5; 8.5.5.4; 8.5.5.3; 8.5.5.2; 8.5.5.1; 8.5.5; 8.5.0.2; 8.5.0.1; 8.5; 8.0.0.9; 8.0.0.8; 8.0.0.7; 8.0.0.6; 8.0.0.5; 8.0.0.4; 8.0.0.3; 8.0.0.2; 8.0.0.11; 8.0.0.10; 8.0.0.1; 8.0; 8.5.5.8; 8.0.0.12
Edition: Advanced; Base; Enterprise; Network Deployment; Single Server
Line of Business: Automation

Document Information

Modified date:
15 June 2018

UID

swg24041672