IBM HTTP Server Invalid Pointer Dereference Vulnerability Allowing Information Disclosure or Denial-of-Service

Vulnerability

A vulnerability in IBM HTTP Server versions 8.5 and 9.0 allows an invalid pointer dereference. A privileged user authenticated to the Administration Server can exploit this issue, potentially exposing sensitive information or causing a denial-of-service condition.

Impact

Exploitation of this vulnerability could result in a denial-of-service condition or unauthorized exposure of sensitive information.

Remediation

Users are advised to upgrade to IBM HTTP Server Fix Pack 9.0.5.29 or later, or Fix Pack 8.5.5.30 or later. Interim fixes resolving this vulnerability are also available. Additional interim fixes may be linked from the interim fix download page.
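To triage a fleet against the fix pack levels above, the following added example (not part of the original advisory or IBM's tooling) classifies version banners. It assumes the `IBM_HTTP_Server/w.x.y.z` banner format printed by `apachectl -V`; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed fix-pack levels from the advisory, keyed by (major, minor) release line.
FIXED = {(9, 0): (9, 0, 5, 29), (8, 5): (8, 5, 5, 30)}

# Assumed banner format (apachectl -V output or the Server response header).
BANNER = re.compile(r"IBM_HTTP_Server/(\d+)\.(\d+)\.(\d+)\.(\d+)")


def assess(banner):
    """Classify one banner line against the advisory's fixed levels."""
    m = BANNER.search(banner)
    if not m:
        return "unknown"        # not IHS, or the version is hidden or truncated
    version = tuple(int(part) for part in m.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"     # release line the advisory does not name
    # Tuple comparison is numeric per component, so 9.0.5.9 sorts below 9.0.5.29
    # (a plain string comparison would get this wrong).
    return "fixed" if version >= fixed else "needs-fix"


def triage(inventory):
    """Group hosts by status; 'needs-fix' hosts still need an interim-fix check."""
    report = {}
    for host, banner in sorted(inventory.items()):
        report.setdefault(assess(banner), []).append(host)
    return report


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = {
    "web-a": "Server version: IBM_HTTP_Server/9.0.5.28 (Unix)",
    "web-b": "Server version: IBM_HTTP_Server/9.0.5.29 (Unix)",
    "web-c": "Server version: IBM_HTTP_Server/8.5.5.9 (Unix)",
    "web-d": "Server version: IBM_HTTP_Server/7.0.0.45 (Unix)",
    "web-e": "Server: Apache",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

The check assumes an interim fix does not change the four-part version, so a host reported as `needs-fix` may already carry one and should be confirmed against its installed-fix list.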

Added: May 26, 2026, 10:27 PM
Updated: May 26, 2026, 10:27 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.0
exploitability: 5.0
remediation: 7.7
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.