IBM Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server

There are multiple vulnerabilities in the GSKit component that is included in the IBM HTTP Server used by WebSphere Application Server.

CVE(s): CVE-2016-0702, CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1427, CVE-2018-1426, CVE-2018-1447

Affected product(s) and affected version(s):

These vulnerabilities affect the following versions and releases of IBM HTTP Server (powered by Apache) component in all editions of WebSphere Application Server and bundling products.

• Version 9.0
• Version 8.5
• Version 8.0
• Version 7.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22015347
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111144
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121313
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139071
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139972

The post IBM Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/2GqjC9X