关于IBM IHS CVE-2011-3192漏洞的修补方法

近日,客户转发一份漏洞修补报告,报告里由安全公司提供,报告里提及到IHS里一个漏洞CVE-2011-3192,经查,这个漏洞是早期就发现并存在的漏洞,只存在早期的IHS版本,在IHS8.0.0.1之前的IHS都受影晌,之后的IHS版本都不受影晌。估计是客户的IHS版本太老,应该是早期上线应用,现在才给扫描出漏洞.

下面为IBM 给出的漏洞说明及修补方法,以作记录:

针对这个漏洞:,IBM官方网站给于的方法如下,简单点说:就是IHS8 升级到IHS8.0.0.1以上,IHS7升级到ihs7.0.0.15以上, IHS6.1升级到ihs 6.1.0.35以上,再打IFIX PM46234,补充一点,这些IHS版本,IBM已经EOS。

Security Bulletin: Potential security exposure with IBM HTTP Server 8.0 and earlier (PM46234) (CVE-2011-3192)

Security Bulletin

Summary

Crafted range requests can result in potential denial of service with IBM HTTP Server (IHS).

Vulnerability Details

Potential denial of service from attack using crafted range requests (CVE Reference: CVE-2011-3192).

Affected Products and Versions

Affected:

  • IBM HTTP Server (IHS) Versions 2.0 (2.0.42 and 2.0.47), 6.0 through 6.0.2.43, 6.1 through 6.1.0.39, 7.0 through 7.0.0.19, and 8.0 are affected.

Remediation/Fixes

Apply Interim Fix APAR PM46234, or a Fix Pack containing this APAR, resolves this issue.

For IBM HTTP Server for distributed operating systems:

For Version 8.0:

  • Apply Interim Fix APAR PM46234.

–OR–

  • Apply Fix Pack 1, or later (8.0.0.1) (projected to be available 26 September 2011).

For Versions 7.0 and 7.0.0.19:

  • Apply Fix Pack 15, 17 or 19 (7.0.0.15, 7.0.0.17, 7.0.0.19), if not already at that level, then
  • Apply Interim Fix APAR PM46234.

–OR–

  • Apply Fix Pack 21, or later (7.0.0.21) (projected to be available 9 January 2012).

For Versions 6.1 through 6.1.0.39:

  • Apply Fix Pack 35, 37 or 39 (6.1.0.35, 6.1.0.37, 6.1.0.39), if not already at that level, then
  • Apply Interim Fix APAR PM46234.

–OR–

  • Apply Fix Pack 41, or later (6.1.0.41) (projected to be available 17 November 2011).

For Versions 6.0 through 6.0.2.42:

  • Apply Fix Pack 43 (6.0.2.43), if not already at that level, then
  • Apply Interim Fix APAR PM46234.

Note:

  • IBM HTTP Server Version 6.0.x was provided with WebSphere Application Server Version 6.0, which is no longer in service (ended September 2010).
  • Additional assistance will only be provided if you have a support extension contract in place, with the purchase of a support extension contract, or if you are otherwise entitled to support through another product.

以下文章点击率最高

Loading…

发表评论