
Sysload Monitor: Vulnerabilities in Apache and PHP


Article ID: 188649


Updated On:

Products

CA Automic Sysload

Issue/Introduction

Multiple vulnerabilities were found in Sysload Monitor because it uses Apache httpd server 2.4.10 and PHP 5.6.3.

Details of the potential vulnerabilities found:

Apache:

Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities
Apache 2.4.x < 2.4.39 Multiple Vulnerabilities
Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)
Apache 2.4.x < 2.4.35 DoS

CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679
CVE-2013-5704, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185, CVE-2017-9788, CVE-2017-9789, CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-1333, CVE-2018-8011, CVE-2018-17189, CVE-2018-17199, CVE-2019-0190, CVE-2019-0196, CVE-2019-0197, CVE-2019-0211,
CVE-2019-0215, CVE-2019-0217, CVE-2019-0220, CVE-2018-11763, CVE-2017-9798

-------------------------------------------------------------

PHP:

PHP 5.6.x < 5.6.36 Multiple Vulnerabilities
PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS
PHP prior to 5.5.x < 5.5.31 / 5.6.x < 5.6.17 Multiple Vulnerabilities
PHP 5.6.x < 5.6.38 Transfer-Encoding Parameter XSS Vulnerability
CVE-2015-7803, CVE-2015-7804, CVE-2016-1903, CVE-2016-5114, CVE-2016-7478, CVE-2016-9933,
CVE-2016-9934, CVE-2018-5711, CVE-2018-5712, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548,
CVE-2018-10549, CVE-2018-14851, CVE-2018-14883, CVE-2018-15132, CVE-2018-17082

Cause

The Apache and PHP versions integrated within Sysload Monitor contain recently discovered vulnerabilities.

Environment

Release : 6.0.0
Component : Sysload Monitor

 

Resolution

Update to a fix version listed below or a newer version if available.

Fix version(s): 
Component: Sysload Monitor
Sysload 6.0.0 HF2 - Released 10th April 2020

Please apply the instructions indicated in the file readme.txt.


 

Additional Information

Additionally, a license is no longer needed in Sysload Monitor as of version 6.0.0 HF2.

This patch contains the following modules:

- Sysload Monitor 6.00 build 93.4
- Apache 2.4.41
- PHP 7.4.1