📢 New security bulletin from IBM – CVE-2024-6387
🚨 IBM HTTP Server (powered by Apache) is vulnerable to several critical attacks:
✔️ Denial of service (DoS) 💥
✔️ Arbitrary code execution 🖥️⚠️
✔️ Unauthorized access to system files 🔓
These vulnerabilities affect the Apache HTTP Server, used by the IBM HTTP Server, and allow remote attackers to compromise your system.
⚠️ Details of identified vulnerabilities
🔴 [CVE-2024-38477] Denial of service via mod_proxy
🔹 Impact: By sending a specially crafted request, a remote attacker can crash the server through a NULL pointer dereference.
🔹 CVSS score: 7.5 / 10
🔴 [CVE-2024-38474] Arbitrary code execution via mod_rewrite
🔹 Impact: An encoding problem in mod_rewrite allows an attacker to execute scripts in authorized directories.
🔹 CVSS score: 8.2 / 10
🔴 [CVE-2024-38475] Unauthorized access to files via mod_rewrite
🔹 Impact: An improper escaping flaw allows URLs to be mapped to normally inaccessible file system locations, potentially leading to code execution or disclosure of sensitive files.
🔹 CVSS score: 8.2 / 10
📌 Source & official details: 🔗 View IBM alert
✅ Recommended action?
💡 IBM strongly recommends that you update your IBM HTTP Server to correct these vulnerabilities and secure your environment.
⚠️ Don’t delay in applying this patch to secure your development environment!
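To prioritise patching, the added example below (not IBM's or Apache's code) reads an httpd.conf and reports which of the three CVEs above concern modules that are actually loaded, along with the RewriteRule lines to review. It assumes a single configuration file with dynamically loaded modules; Include files and statically compiled modules are not followed, and the sample configuration is constructed.

```python
import re

# Module identifier -> CVEs, exactly as listed in the bulletin above.
MODULE_CVES = {
    "proxy_module": ["CVE-2024-38477"],
    "rewrite_module": ["CVE-2024-38474", "CVE-2024-38475"],
}
LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)\s+\S+", re.IGNORECASE)
REWRITERULE = re.compile(r"^\s*RewriteRule\s+", re.IGNORECASE)

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
# Constructed sample httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule proxy_module modules/mod_proxy.so
LoadModule headers_module modules/mod_headers.so
RewriteEngine On
RewriteRule ^/app/(.*)$ /opt/app/$1 [L]
"""

def triage(conf_text):
    """Return {cve: [evidence lines]} for affected modules loaded in conf_text."""
    findings, rewrite_rules, loaded = {}, [], set()
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # commented-out directive is inactive
            continue
        m = LOADMODULE.match(line)
        if m:
            name = m.group(1).lower()
            loaded.add(name)
            for cve in MODULE_CVES.get(name, []):
                findings.setdefault(cve, []).append(f"line {lineno}: {line.strip()}")
        elif REWRITERULE.match(line):
            rewrite_rules.append(f"line {lineno}: {line.strip()}")
    # RewriteRule lines only matter when mod_rewrite is actually loaded.
    if "rewrite_module" in loaded:
        for cve in MODULE_CVES["rewrite_module"]:
            findings[cve].extend(rewrite_rules)
    return findings

if __name__ == "__main__":
    for cve, evidence in sorted(triage(SAMPLE_CONF).items()):
        print(cve, *evidence, sep="\n  ")
```

An empty result only means the scanned file loads neither module; updating IBM HTTP Server remains the fix in every case.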
⚡ Act now to secure your IT environment with STR-iCT!
🔐 Keep up to date with the latest cybersecurity alerts! 🚀