IBM Support

PH06010: Potential security vulnerability in the IBM HTTP Server (CVE-2018-17199)

Download


Abstract

Potential security vulnerability in the IBM HTTP Server (CVE-2018-17199)

Download Description

PH06010 resolves the following problem:

ERROR DESCRIPTION:
There is a vulnerability associated with the mod_session modules inadvertently shipped in IBM HTTP Server 9.0.
(The z/OS platform is unaffected since the affected module was never provided there.) 

PROBLEM SUMMARY:
A vulnerability associated with the mod_session modules could allow a remote attacker to bypass security restrictions.

PROBLEM CONCLUSION:
The mod_session modules are removed and the vulnerability resolved.
This fix is targeted for IBM HTTP Server fix packs:
- 9.0.0.11

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V90 Readme 2289
V90 Archive Readme 1573

Download Package

DOWNLOAD RELEASE DATE SIZE(Bytes)

DOWNLOAD Options

What is Fix Central(FC)?

9.0.0.8-WS-WASIHS-MultiOS-IFPH06010 03-12-2019 255083 FC
9.0.0.10-WS-WASIHS_Archive-AixPPC64-IFPH06010 03-12-2019 25464988 FC
9.0.0.10-WS-WASIHS_Archive-LinuxPPC64LE-IFPH06010 03-12-2019 18343677 FC
9.0.0.10-WS-WASIHS_Archive-LinuxS39064-IFPH06010 03-12-2019 20787786 FC
9.0.0.10-WS-WASIHS_Archive-LinuxX64-IFPH06010 03-12-2019 19483015 FC
9.0.0.10-WS-WASIHS_Archive-WinX32-IFPH06010 03-12-2019 25728609 FC
9.0.0.10-WS-WASIHS_Archive-WinX64-IFPH06010 03-12-2019 26629615 FC

Problems Solved

PH06010

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).

Problems (APARS) fixed
PH06010

Document information

More support for: WebSphere Application Server

Component: IBM HTTP Server

Software version: 9.0.0.8, 9.0.0.9, 9.0.0.10

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Software edition: Enterprise,Network Deployment,Advanced,Base,Single Server

Reference #: 0875878

Modified date: 14 March 2019