Download
Downloadable File
File link | File size | File description |
---|---|---|
Abstract
Potential security vulnerability in the IBM HTTP Server (CVE-2018-17199, CVE-2021-26691 and CVE-2021-26690)
Download Description
PH06010 resolves the following problem:
ERROR DESCRIPTION:
There are vulnerabilities associated with the mod_session modules inadvertently shipped in IBM HTTP Server 9.0.
(The z/OS platform is unaffected since the affected module was never provided there.)
PROBLEM SUMMARY:
A vulnerability associated with the mod_session modules could allow a remote attacker to bypass security restrictions (CVE-2018-17199).
ERROR DESCRIPTION:
There are vulnerabilities associated with the mod_session modules inadvertently shipped in IBM HTTP Server 9.0.
(The z/OS platform is unaffected since the affected module was never provided there.)
PROBLEM SUMMARY:
A vulnerability associated with the mod_session modules could allow a remote attacker to bypass security restrictions (CVE-2018-17199).
Multiple vulnerabilities in mod_session may allow denial of service (CVE-2021-26691 and CVE-2021-26690)
PROBLEM CONCLUSION:
The mod_session modules are removed and the vulnerability resolved.
This fix is targeted for IBM HTTP Server fix packs:
- 9.0.0.11
PROBLEM CONCLUSION:
The mod_session modules are removed and the vulnerability resolved.
This fix is targeted for IBM HTTP Server fix packs:
- 9.0.0.11
Prerequisites
None
Installation Instructions
Please review the readme.txt for detailed installation instructions.
URL | SIZE(Bytes) |
---|---|
V90 Readme | 2289 |
V90 Archive Readme | 1573 |
Download Package
DOWNLOAD | RELEASE DATE | SIZE(Bytes) |
DOWNLOAD Options |
---|---|---|---|
9.0.0.8-WS-WASIHS-MultiOS-IFPH06010 | 03-12-2019 | 255083 | FC |
9.0.0.10-WS-WASIHS_Archive-AixPPC64-IFPH06010 | 03-12-2019 | 25464988 | FC |
9.0.0.10-WS-WASIHS_Archive-LinuxPPC64LE-IFPH06010 | 03-12-2019 | 18343677 | FC |
9.0.0.10-WS-WASIHS_Archive-LinuxS39064-IFPH06010 | 03-12-2019 | 20787786 | FC |
9.0.0.10-WS-WASIHS_Archive-LinuxX64-IFPH06010 | 03-12-2019 | 19483015 | FC |
9.0.0.10-WS-WASIHS_Archive-WinX32-IFPH06010 | 03-12-2019 | 25728609 | FC |
9.0.0.10-WS-WASIHS_Archive-WinX64-IFPH06010 | 03-12-2019 | 26629615 | FC |
Problems Solved
- PH06010 (CVE-2018-17199)
- CVE-2021-26691 and CVE-2021-26690
Change History
20210621: Added CVE-2021-26691 and CVE-2021-26690
On
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).
Document Location
Worldwide
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"IBM HTTP Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"9.0.0.10;9.0.0.8;9.0.0.9","Edition":"Enterprise,Network Deployment,Advanced,Base,Single Server","Line of Business":{"code":"LOB45","label":"Automation"}}]
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
22 June 2021
UID
ibm10875878