Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies. A remote attacker could exploit this vulnerability to launch further attacks on the system.
Apache HTTP Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by the execution of code in less-privileged child processes or threads from modules’ scripts. By manipulating the scoreboard, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
IBM WebSphere Application Server versions 126.96.36.199 through 188.8.131.52
Apply Interim Fix PH09869 and PH11381 or apply Fix Pack 184.108.40.206 or later (scheduled to be released on 2Q 2019.