PQ74644: CAN-2003-0189 and CAN-2003-0245 exposures
APAR status
Closed as fixed if next.

Error description
CAN-2003-0245 is a published vulnerability that is covered by this APAR. This vulnerability allows a remote attacker to cause an IHS child process to crash. It is possible only if WebDAV is enabled and publicly accessible. All IHS 2.0.42.x platforms are affected. The vulnerability does not lead to an information leak. The recommended work-around prior to an available fix is to not enable WebDAV over the public network.

CAN-2003-0189 is a published vulnerability that is covered by this APAR. This vulnerability allows a remote attacker to cause a denial of service with basic authentication. Depending on the OS, the denial of service can be intermittent or can last until IHS is restarted. The affected IHS platforms are Linux and AIX.

Local fix
Not available

Problem summary
Problems in libapr resulted in non-thread-safe crypt() usage on Linux and AIX, and a possible segfault in memory management (triggerable via mod_dav).

Problem conclusion

Temporary fix
PQ85834 cumulative e-fix has this resolved

Comments

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Publications Referenced
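Added example, not part of the APAR record and not IBM code: a first-pass check for the WebDAV work-around in the error description. It scans httpd.conf text for "Dav On" and reports whether the section holding it is host-restricted with "Deny from all". It assumes Apache 2.0-style Dav and Order/Deny/Allow directives; the sample configuration and the function name audit_dav are constructed for illustration.

```python
import re

# Constructed sample configuration for illustration (not from the APAR).
SAMPLE_CONF = """\
<Location /public-dav>
    Dav On
</Location>
<Directory "/srv/intranet">
    Dav On
    Order deny,allow
    Deny from all
    Allow from 10.0.0.0/8
</Directory>
<Location /static>
    Dav Off
</Location>
"""

OPEN = re.compile(r"^<[A-Za-z].*>$")
CLOSE = re.compile(r"^</\s*[A-Za-z]+\s*>$")
DAV_ON = re.compile(r"^dav\s+on$", re.I)
DENY_ALL = re.compile(r"^deny\s+from\s+all$", re.I)


def audit_dav(conf_text):
    """Return sorted (line_no, scope, restricted) for each 'Dav On'.

    restricted: the holding or an enclosing section has 'Deny from all'.
    """
    stack = [{"scope": "(server config)", "deny": False, "dav": []}]
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()  # comment and blank lines match no pattern below
        if CLOSE.match(line) and len(stack) > 1:
            sec = stack.pop()
            if sec["deny"]:
                findings += [(n, s, True) for n, s in sec["dav"]]
            else:  # undecided: let the enclosing section settle it
                stack[-1]["dav"] += sec["dav"]
        elif OPEN.match(line):
            stack.append({"scope": line, "deny": False, "dav": []})
        elif DAV_ON.match(line):
            stack[-1]["dav"].append((no, stack[-1]["scope"]))
        elif DENY_ALL.match(line):
            stack[-1]["deny"] = True
    while stack:  # server-level scope, plus any section left unclosed
        sec = stack.pop()
        findings += [(n, s, sec["deny"]) for n, s in sec["dav"]]
    return sorted(findings)
```

Entries returned with restricted set to False are the ones to review against the work-around; the check is a heuristic and does not model how the server merges Directory and Location sections.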
Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > Runtime
Operating system(s):
Software version: 00S
Software edition:
Reference #: PQ74644
IBM Group: Software Group
Modified date: May 13, 2004
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.