Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

IBM Corporation Information for VU#944335

Date Notified06/14/2002
Date Modified11/02/2007 12:02:10 PM
Status SummaryVulnerable

Vendor Statement

IBM makes the Apache Server availble for AIX customers as a software package under the AIX-Linux Affinity initiative. This package is included on the AIX Toolbox for Linux Applications CD, and can be downloaded via the IBM Linux Affinity website. The currently available version of Apache Server is susceptible to the vulnerability described here. We will update our Apache Server offering shortly to version 1.3.23, including the patch for this vulnerability; this update will be made available for downloading by accessing this URL:
and following the instructions presented there.

Please note that Apache Server, and all Linux Affinity software, is offered on an "as-is" basis. IBM does not own the source code for this software, nor has it developed and fully tested this code. IBM does not support these software packages.

The IBM HTTP Server product, which is also bundeled with the Websphere product,is based on the Apache server. As such, it is vulnerable to the current "Chunk Handling" issue and we are woring on a patch for this problem with all due haste. This statement will be updated as more information becomes available.

Information for the Websphere patches is available from the web. Go to this URL:

Click on the "Websphere Flashes" link and look for the item for "IBM HTTP Server". This will contain information on the exposure and links to the patches.

The IBM HMC product is also affected by the Apache vulnerability described above. The HMC is the hardware monitor and control console used with IBM's Regatta systems. This is a seperate hardware unit that uses a Linux-based operating system and Open Source software.

Customers are advised to obtain the latest security paches for the HMC. These patches will be available early next week from the following URL:

US-CERT Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information