{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Der IBM HTTP Server ist ein Webserver auf Apache Basis.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann eine Schwachstelle im IBM HTTP Server ausnutzen, um kryptografische Sicherheitsvorkehrungen zu umgehen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2023-1302 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1302.json" }, { "category" : "self", "summary" : "WID-SEC-2023-1302 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1302" }, { "category" : "external", "summary" : "IBM Security Bulletin vom 2023-05-24", "url" : "https://www.ibm.com/support/pages/node/6998037" }, { "category" : "external", "summary" : "IBM Security Bulletin", "url" : "https://www.ibm.com/support/pages/node/7001289" }, { "category" : "external", "summary" : "IBM Security Bulletin 7007741 vom 2023-06-29", "url" : "https://www.ibm.com/support/pages/node/7007741" }, { "category" : "external", "summary" : "IBM Security Bulletin 7007429 vom 2023-06-29", "url" : "https://www.ibm.com/support/pages/node/7007429" }, { "category" : "external", "summary" : "IBM Security Bulletin 7014259 vom 2023-07-24", "url" : "https://www.ibm.com/support/pages/node/7014259" }, { "category" : "external", "summary" : "IBM Security Bulletin 7014651 vom 2023-07-26", "url" : "https://www.ibm.com/support/pages/node/7014651" }, { "category" : "external", "summary" : "IBM Security Bulletin 7027925 vom 2023-09-01", "url" : "https://www.ibm.com/support/pages/node/7027925" }, { "category" : "external", "summary" : "HCL Security Bulletin vom 2024-05-01", "url" : "https://support.hcltechsw.com/community?id=community_blog&sys_id=72d68adf1bf5c29c574121f7ec4bcbdb" }, { "category" : "external", "summary" : "HCL Article KB0112204 vom 2024-05-25", "url" : "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112204" }, { "category" : "external", "summary" : "IBM Security Bulletin 7160975 vom 2024-07-30", "url" : "https://www.ibm.com/support/pages/node/7160975" }, { "category" : "external", "summary" : "IBM Security Bulletin 7263239 vom 2026-03-11", "url" : "https://www.ibm.com/support/pages/node/7263239" } ], "source_lang" : "en-US", "title" : "IBM HTTP Server: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen", "tracking" : { "current_release_date" : "2026-03-11T23:00:00.000+00:00", "generator" : { "date" : "2026-03-12T10:16:40.809+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2023-1302", "initial_release_date" : "2023-05-24T22:00:00.000+00:00", "revision_history" : [ { "date" : "2023-05-24T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2023-06-05T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2023-06-28T22:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2023-07-24T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2023-07-25T22:00:00.000+00:00", "number" : "5", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2023-08-31T22:00:00.000+00:00", "number" : "6", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-05-01T22:00:00.000+00:00", "number" : "7", "summary" : "Neue Updates aufgenommen" }, { "date" : "2024-05-26T22:00:00.000+00:00", "number" : "8", "summary" : "Neue Updates von HCL aufgenommen" }, { "date" : "2024-07-30T22:00:00.000+00:00", "number" : "9", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2026-03-11T23:00:00.000+00:00", "number" : "10", "summary" : "Neue Updates von IBM aufgenommen" } ], "status" : "final", "version" : "10" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "HCL Commerce", "product" : { "name" : "HCL Commerce", "product_id" : "T019293", "product_identification_helper" : { "cpe" : "cpe:/a:hcltechsw:commerce:-" } } }, { "category" : "product_version_range", "name" : "<9.0.1.21", "product" : { "name" : "HCL Commerce <9.0.1.21", "product_id" : "T035061" } }, { "category" : "product_version", "name" : "9.0.1.21", "product" : { "name" : "HCL Commerce 9.0.1.21", "product_id" : "T035061-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:hcltechsw:commerce:9.0.1.21" } } }, { "category" : "product_version_range", "name" : "<9.1.13", "product" : { "name" : "HCL Commerce <9.1.13", "product_id" : "T035062" } }, { "category" : "product_version", "name" : "9.1.13", "product" : { "name" : "HCL Commerce 9.1.13", "product_id" : "T035062-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:hcltechsw:commerce:9.1.13" } } } ], "category" : "product_name", "name" : "Commerce" } ], "category" : "vendor", "name" : "HCL" }, { "branches" : [ { "category" : "product_name", "name" : "IBM Business Automation Workflow", "product" : { "name" : "IBM Business Automation Workflow", "product_id" : "T019704", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:-" } } }, { "branches" : [ { "category" : "product_version", "name" : "8.5", "product" : { "name" : "IBM HTTP Server 8.5", "product_id" : "T001650", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:http_server:8.5" } } }, { "category" : "product_version", "name" : "9", "product" : { "name" : "IBM HTTP Server 9.0", "product_id" : "T008162", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:http_server:9.0" } } } ], "category" : "product_name", "name" : "HTTP Server" }, { "category" : "product_name", "name" : "IBM Informix", "product" : { "name" : "IBM Informix", "product_id" : "5121", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:informix:-" } } }, { "branches" : [ { "category" : "product_name", "name" : "IBM MQ", "product" : { "name" : "IBM MQ", "product_id" : "T021398", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:mq:-" } } }, { "category" : "product_version", "name" : "appliance", "product" : { "name" : "IBM MQ appliance", "product_id" : "T025711", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:mq:appliance" } } } ], "category" : "product_name", "name" : "MQ" }, { "branches" : [ { "category" : "product_version", "name" : "9.0.1", "product" : { "name" : "IBM Rational ClearQuest 9.0.1", "product_id" : "433842", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:rational_clearquest:9.0.1" } } }, { "category" : "product_version", "name" : "9.0.2", "product" : { "name" : "IBM Rational ClearQuest 9.0.2", "product_id" : "T021437", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:rational_clearquest:9.0.2" } } }, { "category" : "product_version", "name" : "9.1", "product" : { "name" : "IBM Rational ClearQuest 9.1", "product_id" : "T021438", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:rational_clearquest:9.1" } } }, { "category" : "product_version", "name" : "10", "product" : { "name" : "IBM Rational ClearQuest 10.0", "product_id" : "T027869", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:rational_clearquest:10.0" } } } ], "category" : "product_name", "name" : "Rational ClearQuest" }, { "category" : "product_name", "name" : "IBM Security Verify Access", "product" : { "name" : "IBM Security Verify Access", "product_id" : "T026175", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:security_verify_access:10.0.x" } } }, { "branches" : [ { "category" : "product_version", "name" : "6.3.0.7", "product" : { "name" : "IBM Tivoli Monitoring 6.3.0.7", "product_id" : "342008", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:tivoli_monitoring:6.3.0.7" } } } ], "category" : "product_name", "name" : "Tivoli Monitoring" }, { "category" : "product_name", "name" : "IBM Workload Scheduler", "product" : { "name" : "IBM Workload Scheduler", "product_id" : "T051657", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:workload_scheduler:-" } } } ], "category" : "vendor", "name" : "IBM" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2023-32342", "product_status" : { "known_affected" : [ "433842", "T026175", "5121", "T019293", "T027869", "T021438", "T025711", "T035062", "T019704", "T021437", "T035061", "T051657", "T001650", "T008162", "342008", "T021398" ] }, "release_date" : "2023-05-24T22:00:00.000+00:00", "title" : "CVE-2023-32342" } ] }