IBM Support

PI39833: CVE-2015-1829 for IBM HTTP Server on Windows

Download


Abstract

CVE-2015-1829 for IBM HTTP Server on Windows

Download Description

PI39833 resolves the following problem:

ERROR DESCRIPTION:
IBM HTTP Server on Windows may be susceptible to "named pipe
squatting attacks" from attackers with access to the web server
operating system. This can result in a local denial of service.

LOCAL FIX:

PROBLEM SUMMARY:
A denial of service attack can be performed by someone with
access to the web server's machine. This is a fix for
CVE-2015-1829.

PROBLEM CONCLUSION:
Named pipe handling has been altered to prevent squatting attacks.

This fix is targeted for IBM HTTP Server fix packs:
- 7.0.0.39
- 8.0.0.11
- 8.5.5.7

Prerequisites

IMPORTANT NOTE: The interim fix for 6.1.0.47 requires that the installed global GSKit be at least at the level provided by one of the following interim fixes; otherwise IBM HTTP Server may not start after this interim fix is applied: PI05309, PI09443, PI36417

UpdateInstaller is required for IHS 7.0 and 6.1 interim fixes.

- UpdateInstaller (Windows, US English, size 7250000): http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991

Installation Instructions

For IHS 8.0 and 8.5.5, the interim fix can be installed using Installation Manager (IM) with the Web-based ("live") repository provided by IBM. It might be necessary to de-select the "Show recommended only" option within IM and to expand "Only fixes for version 8.x.y.z" to see the fix listed.

The interim fix is also available from Fix Central at the link listed in the Download Package section below.

Download Package

The 6.1 version of this interim fix is a cumulative interim fix. See the fix readme.txt for more information.

- 8.5.5.5 Windows (9 Jun 2015, US English, size 759514): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.5-WS-WASIHS-WinX3264-IFPI39833&productid=WebSphere Application Server&brandid=5
- 8.0.0.9 - 8.0.0.10 Windows (9 Jun 2015, US English, size 760336): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.9-WS-WASIHS-WinX3264-IFPI39833&productid=WebSphere Application Server&brandid=5
- 7.0.0.37 Windows (9 Jun 2015, US English, size 552946): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.37-WS-WASIHS-WinX32-IFPI39833&productid=WebSphere Application Server&brandid=5
- 6.1.0.47 Windows (9 Jun 2015, US English, size 4607406): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WASIHS-WinX32-IFPI39833&productid=WebSphere Application Server&brandid=5
- 8.5.5.6 Windows (26 Jun 2015, US English, size 759512): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.6-WS-WASIHS-WinX3264-IFPI39833&productid=WebSphere Application Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server (SSEQTP)
Component: IBM HTTP Server
Platform: Windows (PF033)
Version: 8.5.5.6; 8.5.5.5; 8.0.0.9; 8.0.0.10; 7.0.0.37; 6.1.0.47
Edition: Advanced; Base; Enterprise; Network Deployment; Single Server
Business Unit: Cloud & Data Platform (BU053)
Line of Business: Automation (LOB45)

Document Information

Modified date:
15 June 2018

UID

swg24040155