===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2772
       Rational Build Forge Security Advisory for Apache HTTP Server
  (CVE-2019-0196; CVE-2019-0197; CVE-2019-0211; CVE-2019-0215; CVE-2019-0217
                             and CVE-2019-0220)
                               25 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational Build Forge
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Root Compromise          -- Existing Account
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-0220 CVE-2019-0217 CVE-2019-0215
                   CVE-2019-0211 CVE-2019-0197 CVE-2019-0196

Reference:         ASB-2019.0204
                   ESB-2019.2396
                   ESB-2019.2381
                   ESB-2019.2162

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10881246

- --------------------------BEGIN INCLUDED TEXT--------------------

Rational Build Forge Security Advisory for Apache HTTP Server
(CVE-2019-0196; CVE-2019-0197; CVE-2019-0211; CVE-2019-0215; CVE-2019-0217 and
CVE-2019-0220)

Product:             Rational Build Forge
Component:           Web Console
Software version:    8.0.0.6, 8.0.0.7, 8.0.0.8, 8.0.0.9, 8.0.0.10, 8.0.0.11
Operating system(s): AIX, Linux, Solaris, Windows
Software edition:    Enterprise, Enterprise Plus, Express, Standard
Reference #:         0881246

Security Bulletin

Summary

Apache HTTP Server has security vulnerabilities that allow a remote attacker
to exploit the application. Each vulnerability is discussed in detail in the
following sections.

Vulnerability Details

This section lists the vulnerability details that affect Rational Build
Forge.

CVEID: CVE-2019-0220
DESCRIPTION: Apache HTTP Server could provide weaker than expected security
because of inconsistencies in URL normalization. A remote attacker could
exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See the following link for the current score:
    https://exchange.xforce.ibmcloud.com/vulnerabilities/158948
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2019-0196
DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by
a use-after-free on a string compare in the mod_http2 module. By sending a
specially crafted request, a remote attacker could exploit this vulnerability
to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See the following link for the current score:
    https://exchange.xforce.ibmcloud.com/vulnerabilities/158963
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-0197
DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by
a flaw in the mod_http2 module when HTTP/2 or H2Upgrade is enabled for an http
or https host. By sending a specially crafted request, a remote attacker could
exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See the following link for the current score:
    https://exchange.xforce.ibmcloud.com/vulnerabilities/158964
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-0217
DESCRIPTION: Apache HTTP Server could allow a remote authenticated attacker to
bypass security restrictions, caused by a race condition in mod_auth_digest
when running in a threaded server. An attacker could exploit this vulnerability
to bypass access restrictions.
CVSS Base Score: 6.5
CVSS Temporal Score: See the following link for the current score:
    https://exchange.xforce.ibmcloud.com/vulnerabilities/158950
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-0215
DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass
security restrictions, caused by a bug in mod_ssl. An attacker could exploit
this vulnerability to bypass configured access control restrictions.
CVSS Base Score: 7.5
CVSS Temporal Score: See the following link for the current score:
    https://exchange.xforce.ibmcloud.com/vulnerabilities/158951
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-0211
DESCRIPTION: Apache HTTP Server could allow a local authenticated attacker to
gain elevated privileges on the system, caused by the execution of code in
less-privileged child processes or threads from modules' scripts. By
manipulating the scoreboard, an attacker could exploit this vulnerability to
execute arbitrary code on the system with root privileges.
CVSS Base Score: 8.2
CVSS Temporal Score: See the following link for the current score:
    https://exchange.xforce.ibmcloud.com/vulnerabilities/158929
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)


Affected Products and Versions

IBM Rational Build Forge 8.0 to 8.0.0.11.

Remediation/Fixes

You must download the fix pack specified in the following table and apply it.

+----------------------------+------------------------------------------------+
|Affected Supporting Product |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Rational Build Forge 8.0|Rational Build Forge 8.0.0.12 Download          |
|- 8.0.0.11                  |                                                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

None.

Acknowledgement

None

Change History

28 June 2019

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================