Operating System:

[LINUX]

Published:

16 August 2019

Protect yourself against future threats.

//Service

Member Security Incident Notifications

Be proactive with your security and receive our daily Member Security Incident Notifications (MSINs) custom to your network.

Read more
Resources > Security Bulletins > ESB-2019.3151 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3151
              IBM QRadar SIEM updates embedded Apache Tomcat
                              16 August 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           QRadar
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-10072  

Reference:         ESB-2019.2694
                   ESB-2019.2230

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10967625

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to a
denial of service (CVE-2019-10072)

Document information
Component: Security Bulletin
Software version: 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 0967625
Modified date: 15 August 2019

Summary

Open source Apache Tomcat vulnerable to a publicly disclosed vulnerability

Vulnerability Details

CVEID: CVE-2019-10072
Description: Apache Tomcat is vulnerable to a denial of service, caused by HTTP
/2 connection window exhaustion on write. By failing to send WINDOW_UPDATE
messages, a remote attacker could exploit this vulnerability to block threads
on the server and causing a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162806 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products and Versions

- - IBM QRadar 7.3 to 7.3.2 Patch 3

Remediation/Fixes

IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 4

Workarounds and Mitigations

None

Change History

August 15th, 2019: First Publish

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXVYNnWaOgq3Tt24GAQjCLw/5AT/dQDQ63L/r8r+0vl4ifhQ//X4O0fuA
uvK2JOgfDKWQQHz3EmODBEdZcFglAfdDCt0FUJ420aLAXCbM6MevTeVxW1jmDlNH
6t1m85ceRud447WgwUOAKwKgD6rmmlkr7uITP6eJ67dzp+J0KrEDFe7xdJuiqihH
WVBkFTXpxHy0/iDxt+92ptiB5pOz8TZxGORvExKXZD5kOwUmKKb9TjYeI2iqHde9
1R67p9KSJCQLQqP3ZBw0VX1edVzuh5sRxZsE+c4gDbF/Kh3uKzOveF1MvLgVQfjQ
hdnf5fXfgH/Gt5CpSO2OKubvjon3yy8k3G0c8ENlbn9zg7e4Mt5JUzLEzyfwvmxv
kA12t75CxvQz3dselR7L9aG7/FcsNMDZ6j1ihaLGZFU9Dpjy/TeYQstYEO23zvME
d3FvHeiVH8G8B8R2cjGq2jV+Q81topUWkP00OvLAGjnQJy2S33e08DUahKq8IvtO
1dL2hGn058NOcQvT8lIR2zCNqrBda2K1+VnWXBIrnu6Ctumd/uQ6bydEFDeu/+2M
Wnn5xFwpVRdnKiNe98owUhMlrMiSzdXPWxagVVhII8aS62DkaDa3mxVJgBgxAMe3
Ii+X4V5CWsRzC3N1Xcy0RdCNzBgNhvoumZErP6KvXHW4gw/y6b2uJQEecx/B1dln
81iDNxZuE0A=
=uy5P
-----END PGP SIGNATURE-----