Rewterz Threat Alert – APT 33 Resurfaces with Fresh Attacks – IoCs
June 27, 2019Rewterz Threat Advisory – CVE-2018-10902 – IBM Security Guardium Linux Kernel Privilege Escalation Vulnerability
June 28, 2019Rewterz Threat Alert – APT 33 Resurfaces with Fresh Attacks – IoCs
June 27, 2019Rewterz Threat Advisory – CVE-2018-10902 – IBM Security Guardium Linux Kernel Privilege Escalation Vulnerability
June 28, 2019Severity
Medium
Analysis Summary
CVE-2019-0220
Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVE-2019-0211
Apache HTTP Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by the execution of code in less-privileged child processes or threads from modules’ scripts. By manipulating the scoreboard, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
CVE-2019-4269
Impact
- Privilege escalation
- Exposure of sensitive information
- Security Bypass
Affected Vendors
IBM
Affected Products
IBM WebSphere Application Server versions 9.0.0.0 through 9.0.0.11
Remediation
Apply Interim Fix PH09869 and PH11381 or apply Fix Pack 9.0.5.0 or later (scheduled to be released on 2Q 2019.