{"id":2088,"date":"2025-04-28T22:33:21","date_gmt":"2025-04-28T22:33:21","guid":{"rendered":"http:\/\/localhost\/?p=2088"},"modified":"2025-04-28T22:33:21","modified_gmt":"2025-04-28T22:33:21","slug":"security-bulletin-ibm-rational-build-forge-80x-is-affected-by-apache-http-server-version-used-in-it","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=2088","title":{"rendered":"Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-31618, CVE-2020-13950, CVE-2019-17567, CVE-2020-26691, CVE-2021-26690, CVE-2020-13938, CVE-2021-30641, CVE-2020-35452)"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nSecurity Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-31618, CVE-2020-13950, CVE-2019-17567, CVE-2020-26691, CVE-2021-26690, CVE-2020-13938, CVE-2021-30641, CVE-2020-35452)<\/td>\n<\/tr>\n
Type<\/th>\nibm<\/td>\n<\/tr>\n
Published<\/th>\n2025-04-28T20:41:23<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-04-29T02:56:50<\/td>\n<\/tr>\n
CVSS Score<\/th>\n7.5 (HIGH)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nNONE<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nUNCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nNONE<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nNONE<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2019-17567, CVE-2020-13938, CVE-2020-13950, CVE-2020-26691, CVE-2020-35452, CVE-2021-26690, CVE-2021-30641, CVE-2021-31618<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nsoftware<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n ## Summary<\/p>\n

IBM Rational Build Forge version 8.0.x is affected by CVE-2021-31618, CVE-2020-13950, CVE-2019-17567, CVE-2020-26691, CVE-2021-26690, CVE-2020-13938, CVE-2021-30641, CVE-2020-35452<\/p>\n

## Vulnerability Details<\/p>\n

**CVEID:**CVE-2021-31618
\n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference in the HTTP\/2 protocol handler. By sending a specially crafted HTTP\/2 request, a remote attacker could exploit this vulnerability to cause a denial of service.
\nCVSS Base score: 5.9
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/203466 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H) <\/p>\n

**CVEID:**CVE-2020-13950
\n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted requests using both Content-Length and Transfer-Encoding headers, a remote attacker could exploit this vulnerability to crash mod_proxy_http.
\nCVSS Base score: 3.7
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/203462 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L) <\/p>\n

**CVEID:**CVE-2019-17567
\n**DESCRIPTION:** Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by mod_proxy_wstunnel being configured on an URL that is not necessarily upgraded by the origin server. An attacker could exploit this vulnerability to allow requests on the same connection to pass through with no HTTP validation, authentication or authorization.
\nCVSS Base score: 5.3
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/203461 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N) <\/p>\n

**CVEID:**CVE-2020-26691
\n**DESCRIPTION:**
\nCVSS Base score: 5.6
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L) <\/p>\n

**CVEID:**CVE-2021-26690
\n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference. A remote attacker could exploit this vulnerability using a specially crafted Cookie header handled by mod_session to cause the system to crash.
\nCVSS Base score: 3.7
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/203464 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L) <\/p>\n

**CVEID:**CVE-2020-13938
\n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by the improper handling of insufficient privileges. A local attacker could exploit this vulnerability to stop httpd on Windows, resulting in a denial of service.
\nCVSS Base score: 6.2
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/203460 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:L\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H) <\/p>\n

**CVEID:**CVE-2021-30641
\n**DESCRIPTION:** Apache HTTP Server could provide weaker than expected security, caused by unexpected URL matching behavior with ‘MergeSlashes OFF. An attacker could exploit this vulnerability to match URLs from all sites in the same domain and launch further attacks on the system.
\nCVSS Base score: 5.3
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/203459 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N) <\/p>\n

**CVEID:**CVE-2020-35452
\n**DESCRIPTION:** Apache HTTP Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by mod_auth_digest. By using a specially crafted Digest nonce, a remote attacker could overflow a buffer and possibly launch further attacks on the system.
\nCVSS Base score: 3.7
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/203463 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N)<\/p>\n

## Affected Products and Versions<\/p>\n

Affected Product(s) | Version(s)
\n—|—
\nBuild Forge | 8.0 – 8.0.0.20 <\/p>\n

## Remediation\/Fixes<\/p>\n

You must download the fix pack specified in the following table and apply it. **Affected Supporting Product(s)** | **Remediation\/Fix**
\n—|—
\nIBM Rational Build Forge 8.0 to 8.0.0.20 | Download IBM Rational Build Forge 8.0.0.21. The fix includes Apache-HTTP-Server-2.4.52 <\/p>\n

## Workarounds and Mitigations<\/p>\n

None<\/p>\n

##\n <\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n7.5<\/td>\n<\/tr>\n
Severity<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n