Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies. A remote attacker could exploit this vulnerability to launch further attacks on the system.
Apache HTTP Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by the execution of code in less-privileged child processes or threads from modules’ scripts. By manipulating the scoreboard, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
IBM WebSphere Application Server versions 188.8.131.52 through 184.108.40.206
Apply Interim Fix PH09869 and PH11381 or apply Fix Pack 220.127.116.11 or later (scheduled to be released on 2Q 2019.