Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.2396 Vulnerability in IBM HTTP Server affects IBM Netezza Performance Portal 2 July 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: PureData System for Analytics Publisher: IBM Operating System: Linux variants Impact/Access: Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-0220 Reference: ESB-2019.2381 ESB-2019.2034 ESB-2019.1940 ESB-2019.1813 Original Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10888053 - --------------------------BEGIN INCLUDED TEXT-------------------- Vulnerability in IBM HTTP Server affects IBM Netezza Performance Portal Product: PureData System for Analytics Component: IBM Netezza Performance Portal Software version: All Versions Operating system(s): Platform Independent Reference #: 0888053 Security Bulletin Summary IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-0220 DESCRIPTION: Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies. A remote attacker could exploit this vulnerability to launch further attacks on the system. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 158948 for the current score CVSS Environmental Score*: Undefined CVSS Vector:(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) Affected Products and Versions IBM Netezza Performance Portal 2.1.1.1-2.1.1.8 Remediation/Fixes +------------------------------+-------+-----------------------+ | Product | VRMF |Remediation / First Fix| +------------------------------+-------+-----------------------+ |IBM Netezza Performance Portal|2.1.1.9|Link to Fix Central | +------------------------------+-------+-----------------------+ Workarounds and Mitigations None Change History 01 July 2019: Original version published - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXRrOgmaOgq3Tt24GAQj0NQ/7BNjn6JBM62f5lSZ6YsHFZbcN0Lz9Op2n 8EIFqXzC0ub+aCT7eWuYWzay8jHZSCB3b4VxNuM+Whv2+yRAQE/XuJRnwzPhiuPR Q7Z1mb5V/4rpbo1godIWnjh8WfqKQT27NfVIgsBZZsga/o8NKSmL5PRqnSZad0sc vs5lrkfZQp5GwJJh0Psc/7HgBj77agZXyramPv4HDGttxouoKL2hpPrFHnW62bzr Z6Bck5snzmC1BvtjbeT69CwiJr0iy87nYsSa9BAr7M3xUpXqCigiE6nKTBd/EiQ2 0rjYLWze6Khjr4imWMdf8hDzYljTixujDIXXMRAKL2EBGKe8uX9fQG0c9DW9vBY3 nX8/HtIrLyjGfqBbshzVaV+1Gm9Ja5AJKxVmdV9UUHW/CfOWfFqwWVSWJFzHIvmZ TqAEKVJDUjwnERH1SsjthkiLCjHCYkNRYKh07c2VRjbvDtGt5FL9OB5rPnGInzX5 MUsW8DfX4zcrdJ2YzRiKEcFhDireeeDL6i3XOqGUZMjRTU1MK8l4kDAiaIEkGo/9 I7yTUKEmE8Ino4e3cBkSPJeoE3/SP0ySHvEE6iz/qgT33MECO5p3bxsQ54dNU16a 9uuBPBEFs9yXml0YFiWk6oU3dkLPoJGY3DeVcaY5lwyvzT/NVyjjZA1ApJ+P4tlh FcldfLFtrx4= =jyY9 -----END PGP SIGNATURE-----