-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2772
     Rational Build Forge Security Advisory for Apache HTTP Server
 (CVE-2019-0196;CVE-2019-0197;CVE-2019-0211;CVE-2019-0215;CVE-2019-0217;
                            and CVE-2019-0220)
                               25 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational Build Forge
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Root Compromise          -- Existing Account
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-0220 CVE-2019-0217 CVE-2019-0215 CVE-2019-0211
                   CVE-2019-0197 CVE-2019-0196
Reference:         ASB-2019.0204
                   ESB-2019.2396
                   ESB-2019.2381
                   ESB-2019.2162

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=ibm10881246

- --------------------------BEGIN INCLUDED TEXT--------------------

Rational Build Forge Security Advisory for Apache HTTP Server
(CVE-2019-0196;CVE-2019-0197;CVE-2019-0211;CVE-2019-0215;CVE-2019-0217;
and CVE-2019-0220)

Product:             Rational Build Forge
Component:           Web Console
Software version:    8.0.0.6, 8.0.0.7, 8.0.0.8, 8.0.0.9, 8.0.0.10, 8.0.0.11
Operating system(s): AIX, Linux, Solaris, Windows
Software edition:    Enterprise, Enterprise Plus, Express, Standard
Reference #:         0881246

Security Bulletin

Summary

The Apache HTTP Server used by the Rational Build Forge Web Console has
security vulnerabilities that allow a remote attacker to attack the
application. All six issues were fixed upstream in Apache HTTP Server
2.4.39; each is described in the following sections.

Vulnerability Details

This section lists the vulnerabilities that affect Rational Build Forge.

CVEID: CVE-2019-0220
DESCRIPTION: Apache HTTP Server could provide weaker than expected security,
caused by URL normalization inconsistencies: consecutive slashes in the
request path are collapsed by some stages of request processing but not by
the regular expressions used in directives such as LocationMatch and
RewriteRule, so a rule written for a single-slash path may fail to match a
request that still maps to the same resource. A remote attacker could exploit
this vulnerability to launch further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/158948 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2019-0196
DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused
by a use-after-free on a string compare in the mod_http2 module. By sending
a specially crafted request, a remote attacker could exploit this
vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/158963 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-0197
DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused
by a flaw in the mod_http2 module when HTTP/2 is enabled for an http: host
or H2Upgrade is enabled for an https: host: an Upgrade request from HTTP/1.1
to HTTP/2 that is not the first request on a connection can leave the
connection misconfigured and crash it. By sending a specially crafted
request, a remote attacker could exploit this vulnerability to cause a
denial of service condition. Servers that never enable the h2 protocol, or
enable it only for https: without "H2Upgrade on", are not affected.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/158964 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-0217
DESCRIPTION: Apache HTTP Server could allow a remote authenticated attacker
to bypass security restrictions, caused by a race condition in
mod_auth_digest when running in a threaded server. A user with valid
credentials could exploit this vulnerability to authenticate as a different
username and bypass configured access control restrictions.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/158950 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-0215
DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass
security restrictions, caused by a bug in mod_ssl when per-location client
certificate verification is used with TLSv1.3. A client that supports
post-handshake authentication could exploit this vulnerability to bypass
configured access control restrictions.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/158951 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-0211
DESCRIPTION: Apache HTTP Server could allow a local authenticated attacker
to gain elevated privileges on the system, caused by the execution of code
in less-privileged child processes or threads (including scripts run by an
in-process scripting interpreter). By manipulating the scoreboard, which the
parent process reads during a graceful restart, an attacker could exploit
this vulnerability to execute arbitrary code on the system with the
privileges of the parent process, normally root. The prefork, worker and
event MPMs are affected; non-Unix systems are not.
CVSS Base Score: 8.2
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/158929 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Affected Products and Versions

IBM Rational Build Forge 8.0 to 8.0.0.11.

Remediation/Fixes

Download the fix pack listed in the following table and apply it.

+----------------------------+------------------------------------------------+
|Affected Supporting Product |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Rational Build Forge 8.0|Rational Build Forge 8.0.0.12 (Download)        |
|- 8.0.0.11                  |                                                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

None.
Acknowledgement

None

Change History

28 June 2019

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXTktL2aOgq3Tt24GAQggcw/9GmEpdID2r6Ovrk8upxZORBf4YWO4sJ1M
GTLC2Kluifkcr3XvecZVE405lDQTJya3836C7A9NrUaLMzzJ2Cq7F1O6+86/Prov
nRNQ6GCmVq+37SuF2kgERtbz3pYUROZop/oAZEubvzgu376apAXTPyf0WLiOO+nC
P4LGKbjf5rAhzIHIDHJMI7/O+Xj57PQQW8yPXLAj8czLsPzj1zAIUaRdXvrvKoM1
N3Pj2uFr1aizI6HXj716liO4btIjnWNHY2YhIeGhaXhTUBeW78+HpwpdyIVfvEHU
lP5K5tcstcfLOE3U0oz9p4Rs1oqEakH63EajxgZbN09tbiZWJXe0k6Ecb6/A5xhF
F7F2TG1kHlXercTCy6EwT4q6yFLDBlCyDZ6GiQL87I3jGvjIhNcrqKusWOwtJ7PB
Zmqq352Y92E0SJprCc4MK/QtPd5TeMCCT5BraDeZ7mrKS01Z12frLu/pWu71eJcL
8lntltTJgN7lxEccQBGht9lNHYrjRcGHErwMBBRKy4cFES3C8k1GZvwFRMj3xhgp
2TGc7RqoDW3YmWGrILuazvehUNoiVVEc9Fk+8xzKEOFrkWLQTKc1HfGGHZ0vQ7oN
2I+SoXLfFVdzv4TC8FNDHVMzYLRvr9G5uHrPb4NZpE2LdU/loaCF3B8OFpbV2e8O
GjootziYMFo=
=oQ0n
-----END PGP SIGNATURE-----