Ibm: >> Http Server >> 9.0.5.15 Security Vulnerabilities
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.
CVSS Score
7.5
EPSS Score
0.004
Published
2026-05-26
IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).
CVSS Score
8.1
EPSS Score
0.005
Published
2026-05-26
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.
CVSS Score
7.7
EPSS Score
0.002
Published
2026-05-26
IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service.
CVSS Score
8.0
EPSS Score
0.003
Published
2026-05-26
IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service.
CVSS Score
7.3
EPSS Score
0.003
Published
2026-05-26
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.
CVSS Score
7.5
EPSS Score
0.004
Published
2026-05-26
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module.
CVSS Score
6.2
EPSS Score
0.002
Published
2026-05-26
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828.
CVSS Score
7.5
EPSS Score
0.009
Published
2023-05-30