IBM software like HTTP Server is vulnerable to DoS and malicious code attacks
Attackers can exploit several security vulnerabilities in IBM HTTP Server, License Metric Tool, and WebSphere Application Server. Patches provide a remedy.
If attackers successfully exploit software vulnerabilities in IBM HTTP Server, License Metric Tool v9, WebSphere Application Server, and WebSphere Application Server Liberty, they can disable or even completely compromise systems. Admins should install the patched versions promptly.
Remote Code Execution
In a warning message, the developers state that HTTP Server is affected by a total of nine security flaws. One vulnerability (CVE-2026-9170) is considered “critical.” Because inputs are not sufficiently validated, attackers can exploit the flaw with unspecified requests. This can lead to crashes (DoS) or remote code execution.
Most of the remaining vulnerabilities are classified as “high” threat level, and they primarily make DoS attacks possible. To protect servers, admins must install a fix as an interim solution, as described in a post. Security updates are announced for the third quarter.
Further Dangers
IBM License Metric Tool v9 is affected by numerous security flaws in various components, such as the HTTP client Axios, the Ruby web server interface Rack, and jose4j. Admins must install version 9.2.43.1 here.
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by two flaws. One vulnerability (CVE-2026-8633) is considered “critical.” Here too, there is currently only a workaround in the form of a fix. Security updates are expected in the second quarter.
(des)