vulnerability

IBM HTTP Server: CVE-2018-1426: OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Mar 22, 2018	Jun 22, 2018	Dec 21, 2018

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Mar 22, 2018

Added

Jun 22, 2018

Modified

Dec 21, 2018

Description

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.

Solutions

ibm-http_server-apply-fix-pack-8_5_5_14ibm-http_server-apply-fix-pack-9_0_0_8ibm-http_server-apply-interim-fix-pi94222-for-8_0ibm-http_server-apply-interim-fix-pi94222-for-8_5ibm-http_server-apply-interim-fix-pi94222-for-9_0

References

BID-105580
CVE-2018-1426
https://attackerkb.com/topics/CVE-2018-1426

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today