Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities.

​IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service due to NULL pointer dereference [CVE-2024-38477], executing arbitrary code due to an encoding issue in mod_rewrite [CVE-2024-38474], and improper escaping in mod_rewrite resulting in access to files [CVE-2024-38475] as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section. Read More