Security ID : NAS-201901-22
Security Advisory for Vulnerabilities in QTS
Release date : January 22, 2019
CVE identifier : Apache HTTP Server vulnerabilities: CVE-2018-11763 | CVE-2018-8011 | CVE-2018-1333 | CVE-2017-15710 | CVE-2018-1283 | CVE-2018-1303 | CVE-2018-1301 | CVE-2017-15715 | CVE-2018-1312 | CVE-2018-1302 | CVE-2017-9798 | CVE-2017-9789 | CVE-2017-9788 | CVE-2017
Affected products: QTS 4.4.0: build 20181127 and earlier versions
QTS 4.3.5: build 20181114 and earlier versions
QTS 4.3.4: build 20181026 and earlier versions
QTS 4.3.3: build 20181029 and earlier versions
Severity
Important
Status
Resolved
Summary
Multiple Apache HTTP Server, PHP, and Samba vulnerabilities have been reported; some of which affect QTS. If successfully exploited, these vulnerabilities could allow remote attackers to launch DDos attacks or access sensitive information.
We have fixed these issues in following QTS versions:
- QTS 4.4.0: QTS 4.4.0 build 20190119 and later
- QTS 4.3.5: QTS 4.3.6 build 20181228 and later
- QTS 4.3.4: QTS 4.3.4 build 20190102 and later
- QTS 4.3.3: QTS 4.3.3 build 20190102 and later
Recommendation
To resolve the issue, you must update your QTS to the latest version.
Installing the QTS Update
- Log on to QTS as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.
Revision History: V1.0 (January 22, 2018) - Published
