Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2012.0991 SE53614 - HTTPSVR - PATCH APACHE VULNERABILITIES CVE-2012-2687 16 October 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM HTTP Server Publisher: IBM Operating System: UNIX variants (UNIX, Linux, OSX) Impact/Access: Cross-site Scripting -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2012-2687 Reference: ESB-2012.0799 Original Bulletin: http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f - --------------------------BEGIN INCLUDED TEXT-------------------- SE53614 - HTTPSVR - PATCH APACHE VULNERABILITIES CVE-2012-2687 APAR (Authorized Program Analysis Report) Abstract HTTPSVR - PATCH APACHE VULNERABILITIES CVE-2012-2687 Error Description Update IBM HTTP Server for i to comply with security vulnerabilities CVE-2012-2687 to maintain PCI compliance. Problem Summary Update IBM HTTP Server for i to comply with security vulnerabilities CVE-2012-2687 to maintain PCI compliance. Problem Conclusion Security vulnerabilities CVE-2012-2687 have been updated to IBM HTTP Server for i. Affected Publications Summary Information Status............................................ CLOSED PER HIPER........................................... No Component.................................. 5761DG100 Failing Module.......................... RCHMGR Reported Release................... R610 Duplicate Of.............................. System i Support IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information. Copyright and trademark information IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUHy3i+4yVqjM2NGpAQLisw//SPAQUCzVUsXak4aqyaY7rbYfRnuwvxrW v3nUn8/UWGrq5bZoeuTJ4eXL1JWsw1f/JVzom9MBbk03xNxAoiPJxlYs5nbi4AnK L3bel4BibNCYVMV6GzY3EBxHfCKjQxSQzwjuMfezO/XCzq4pDS6FItJRIC1Gw0xG 09aUkOeOP8sr8apcSblxVBZDnNo3vIt/kDByTANYEpHM0WKfMZQ+SfV3+93RpU4X tTqjVsntHTMAFi+CUEdSsAkbTRJ6kKDnfkjGuS8VDOtsyshytTxfXgVziNCSmfBH CBB+uLaU4UQ5a10qTtDSmnERTQytW05RP5Rb1oDrqzKM9Vxm8bD8ow+SlP3O4Ykz lhAAmpyEhoPYpjUEqub9jJGiH4lSt1Wrokg2Zjwc9CrU4LuJXnGquDoq4e206AlL M1KnY7ZxeRWn0AuPia8qkkffXpozYVoGmKu1EN3jnTpET3epN2nAtrrJqivfq8wO H9qjfKS8LOK7fcXVXf2Vu/f3yklR+3vldO5XbnDZu5Ji7BKWEEELF6eFgEN/kCTP 5FTT8JCz1n01nrO9tYQxC+4ntJf0yEK3R2ln7+dJax6fmavWfuLRb/LLq3Oejrcp AP/X5y7GNqJEsZ70AGOzGlyJGUwgkj6r599+Kl4AfnUMAxyWQzmVxbT4R9TFK9aJ hm55AAVth0I= =iY6c -----END PGP SIGNATURE-----