-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2396
  Vulnerability in IBM HTTP Server affects IBM Netezza Performance Portal
                                2 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           PureData System for Analytics
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Reduced Security -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-0220  

Reference:         ESB-2019.2381
                   ESB-2019.2034
                   ESB-2019.1940
                   ESB-2019.1813

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10888053

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability in IBM HTTP Server affects IBM Netezza Performance Portal

Product:             PureData System for Analytics
Component:           IBM Netezza Performance Portal
Software version:    All Versions
Operating system(s): Platform Independent
Reference #:         0888053

Security Bulletin

Summary

IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza
Performance Portal has addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2019-0220
DESCRIPTION: Apache HTTP Server could provide weaker than expected security,
caused by URL normalization inconsistencies. A remote attacker could exploit
this vulnerability to launch further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/158948 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM Netezza Performance Portal 2.1.1.1-2.1.1.8

Remediation/Fixes

+------------------------------+-------+-----------------------+
|           Product            | VRMF  |Remediation / First Fix|
+------------------------------+-------+-----------------------+
|IBM Netezza Performance Portal|2.1.1.9|Link to Fix Central    |
+------------------------------+-------+-----------------------+

Workarounds and Mitigations

None

Change History

01 July 2019: Original version published

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----