Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker obtaining sensitive information, bypassing security restrictions, and a server-side request forgery due to multiple vulnerabilities.

​IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker obtaining sensitive information due to ignoring legacy content-type based configuration of handlers [CVE-2024-39884] and improper validation of input [CVE-2024-38476], a bypass of security restrictions due to a flaw in mod_proxy [CVE-2024-38473], and a server-side request forgery due to a flaw in the mod_rewrite [CVE-2024-39573] as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section. Read More 

Verified by MonsterInsights