Download
Abstract
IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680 CVSS 7.5, CVE-2013-0340 CVSS 4.3, CVE-2017-9233 CVSS 5.3)
Download Description
The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH51982 to resolve this APAR.
ERROR DESCRIPTION:
IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680 CVSS 7.5, CVE-2013-0340 CVSS 4.3, CVE-2017-9233 CVSS 5.3)
PROBLEM CONCLUSION:
Confidential for CVE-2022-43680, CVE-2013-0340, CVE-2017-9233
The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.23 and 9.0.5.15.
For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
This fix supersedes (includes) prior fixes depending on the base fix pack, including PH49572, PH47792, PH46897, PH44829, PH44271 and PH43122 where applicable. Consult the individual fixes on Fix Central for specifics.
- CVE-2022-43680, CVE-2013-0340, CVE-2017-9233
- IBM HTTP Server on z/OS is not vulnerable; the expat library is not included in IHS on z/OS.
- The IBM Installation Manager fixes for this APAR allow installation on z/OS so that prior installable fixes can be superseded on all platforms.
- IBM HTTP Server without third-party modules added to the server is not vulnerable.
- If third-party modules are present, a third-party module that uses the expat library may be vulnerable if it calls expat in the way described by the listed CVEs.
Prerequisites
Installation Instructions
Review the readme.txt for detailed installation instructions.
URL | SIZE(Bytes) |
---|---|
V90 IM readme file | 2050 |
V85 IM readme file | 1894 |
V90 Archive readme file | 1306 |
V80 IM readme file | 1968 |
V70 UPDI readme file | 4986 |
Download Package
The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH51982 to resolve this APAR.
Problems Solved
PH50316, PH46897, PH49572
Known Side Effects
Change History
- Nov 22 2022: Add 9.0.5.14 IM and Archive fixes
- Feb 14 2023: Superseded by PH51982 https://www.ibm.com/support/pages/node/6955257
Technical Support
Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Problems (APARS) fixed
Document Information
Modified date:
14 February 2023
UID
ibm16839115