IBM Support

IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime (CVE-2022-28331 CVSS 9.8 and more)

Abstract

IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime (CVE-2022-28331 CVSS 9.8 and more)

Download Description

PH51982 resolves the following problem:

IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime (CVE-2022-28331 CVSS 9.8 and more)
  • CVE-2022-36760
  • CVE-2006-20001
  • CVE-2022-37436
  • CVE-2022-25147
  • CVE-2022-28331


The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.24 and 9.0.5.15.

For more information, see Recommended Updates for WebSphere Application Server:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

This fix supersedes (includes) the fix for PH50316 as well as PH49572, PH47792, PH46897, PH48168.

This fix is superseded by later interim fixes.

The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH53014 to resolve this APAR. 

Mitigations and affected configurations:
  • CVE-2022-36760
    • Configurations are vulnerable if mod_proxy_ajp is loaded.
      • This module is not provided with IHS 9.0
  • CVE-2006-20001
    • Configurations that load mod_dav may be vulnerable
  • CVE-2022-37436
    • Configurations that load mod_proxy_http may be vulnerable.
  • CVE-2022-25147
    • Configurations without third-party modules or Lua scripts are affected but not vulnerable
      • Configurations with third-party modules or Lua scripts may be vulnerable.
  • CVE-2022-28331
    • Windows systems are affected and vulnerable.
      • Other operating systems are neither affected nor vulnerable.
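
The mitigation list above can be checked against a server's configuration. The following is an added example, not IBM's code or part of the original advisory: it scans configuration text for active LoadModule lines and reports which of the listed CVEs need review. The function names, the sample configuration and the use of mod_lua as the indicator for "Lua scripts" are assumptions.

```python
import re

# Module -> CVE, from the advisory's "Mitigations and affected configurations" list.
MODULE_CVES = {
    "mod_proxy_ajp": "CVE-2022-36760",
    "mod_dav": "CVE-2006-20001",
    "mod_proxy_http": "CVE-2022-37436",
    # Assumption: a loaded mod_lua is used here as the indicator for "Lua scripts".
    "mod_lua": "CVE-2022-25147",
}

# Active LoadModule line; the module path may be quoted (Windows paths with spaces).
LOADMODULE = re.compile(r'^\s*LoadModule\s+\S+\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

def loaded_modules(conf_text):
    """Map module file name (no directory, no .so/.dll) to the line that loads it."""
    found = {}
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = LOADMODULE.match(line)  # lines starting with '#' never match
        if m:
            path = m.group(1) or m.group(2)
            name = re.split(r"[\\/]", path)[-1]
            name = re.sub(r"\.(so|dll)$", "", name, flags=re.IGNORECASE)
            found.setdefault(name, lineno)
    return found

def exposure(conf_text, is_windows):
    """Return sorted (cve, reason, line) tuples that need review for this config."""
    mods = loaded_modules(conf_text)
    hits = [(cve, mod, mods[mod]) for mod, cve in MODULE_CVES.items() if mod in mods]
    if is_windows:
        hits.append(("CVE-2022-28331", "Windows platform", 0))  # 0 = not a config line
    return sorted(hits)

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
# constructed httpd.conf fragment
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  loadmodule dav_module "C:/Program Files/IBM/HTTPServer/modules/mod_dav.so"
LoadModule dav_fs_module modules/mod_dav_fs.so
"""

if __name__ == "__main__":
    for cve, reason, line in exposure(SAMPLE_CONF, is_windows=False):
        print(f"{cve}: {reason} (line {line})")
```

The scan reads a single file's text: it does not follow Include directives or evaluate conditional sections, and it cannot tell which loaded modules are third-party, so the CVE-2022-25147 result covers only the Lua case.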

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

 
URL                        Size (bytes)
V90 IM readme file         2210
V85 IM readme file         2157
V90 archive readme file    1528

Download Package


This fix is superseded by later interim fixes.

The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH53014 to resolve this APAR. 

Problems Solved

PH51982, PH49572, PH50316

Change History

  • February 27: Add links to IFPH52754 for 8.5.5

Technical Support

Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

Product: IBM HTTP Server (component: IBM HTTP Server, edition: Base)
Platforms: AIX, HP-UX, Linux, Solaris, Windows, z/OS
Versions: 8.5.5.22, 8.5.5.23, 9.0.5.13, 9.0.5.14

Document Information

Modified date:
15 March 2023

UID

ibm16955257