IBM Support

PH42862: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server (CVE-2021-44790 CVSS 9.8 and more)

Abstract

Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server (CVE-2021-44790 CVSS 9.8 and more)

Download Description


THIS FIX IS SUPERSEDED BY LATER INTERIM FIXES
This WebSphere Application Server interim fix is superseded by the interim fix for APAR PH44271. Download and install the fix for PH44271 to resolve PH42862.

PH42862 resolves the following problem:

ERROR DESCRIPTION:
Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server (CVE-2021-44790 CVSS 9.8 and more)

PROBLEM SUMMARY:
Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server (CVE-2021-44790 CVSS 9.8 and more)

PROBLEM CONCLUSION:
Confidential for CVE-2021-44790, CVE-2021-44224

The fix for this APAR is targeted for inclusion in IBM HTTP Server fix pack 9.0.5.11. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553

This fix supersedes (includes) the fixes for PH42587 and PH41945.

MITIGATION:
  • CVE-2021-44790: If "LoadModule lua_module modules/mod_lua.so" appears in any IHS configuration file (httpd.conf by default), AND any customer-provided Lua script uses the r:parsebody function, comment out the LoadModule directive by prefixing it with the # character until the fix can be applied.
  • CVE-2021-44224: If "ProxyRequests ON" is present in any IHS configuration file (httpd.conf by default), change the value to OFF until the fix can be applied.
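
The two mitigation conditions above can be checked mechanically. The following is an added example, not IBM-provided code: the function names, the sample configuration and the sample Lua script are constructed for illustration, and the caller is assumed to pass in the text of each configuration file and Lua script.

```python
import re

# Apache-style directive names and On/Off values are case-insensitive.
LUA_LOAD = re.compile(r"^LoadModule\s+lua_module\s+\S+", re.IGNORECASE)
PROXY_ON = re.compile(r"^ProxyRequests\s+On\s*$", re.IGNORECASE)
# Matches r:parsebody(...); any receiver name is accepted because the
# handler's request argument is named by the script author.
PARSEBODY = re.compile(r":\s*parsebody\s*\(")

def active_lines(conf_text):
    """Yield (line_no, directive), joining backslash continuations and skipping comments."""
    pending, start = "", 0
    for no, raw in enumerate(conf_text.splitlines(), 1):
        if not pending:
            start = no
        line = pending + raw
        if line.rstrip().endswith("\\"):
            pending = line.rstrip()[:-1] + " "
            continue
        pending = ""
        if line.strip() and not line.lstrip().startswith("#"):
            yield start, line.strip()
    if pending.strip() and not pending.lstrip().startswith("#"):
        yield start, pending.strip()

def audit(conf_text, lua_scripts):
    """Return (cve, detail) findings; lua_scripts maps script name -> source text."""
    directives = list(active_lines(conf_text))
    lua_lines = [n for n, d in directives if LUA_LOAD.match(d)]
    users = sorted(name for name, src in lua_scripts.items() if PARSEBODY.search(src))
    findings = []
    if lua_lines and users:  # both conditions must hold for CVE-2021-44790
        findings.append(("CVE-2021-44790",
                         f"mod_lua loaded at line {lua_lines[0]}; parsebody used in {', '.join(users)}"))
    findings += [("CVE-2021-44224", f"ProxyRequests On at line {n}")
                 for n, d in directives if PROXY_ON.match(d)]
    return findings

# Constructed sample input (not taken from a real server).
SAMPLE_CONF = (
    "# LoadModule proxy_module modules/mod_proxy.so\n"
    "LoadModule lua_module modules/mod_lua.so\n"
    "  proxyrequests on\n"
    "#ProxyRequests On\n"
)
SAMPLE_LUA = {"upload.lua": "function handle(r)\n  local form = r:parsebody(1024)\nend\n"}

if __name__ == "__main__":
    for cve, detail in audit(SAMPLE_CONF, SAMPLE_LUA):
        print(cve, "-", detail)
```

Run it against httpd.conf and against every file that httpd.conf pulls in, since the advisory applies to any IHS configuration file.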

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V90 readme 2378
V90 readme 1743

Problems Solved

PH42862, PH42587, PH41945

Change History

February 7, 2022: Replace PH42862 interim fixes with PH43887.

Technical Support

Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

Product: IBM HTTP Server
Component: IBM HTTP Server
Platforms: AIX, HP-UX, Linux, Solaris, Windows, z/OS
Versions: 9.0.5.10; 9.0.5.9
Edition: Base

Document Information

Modified date:
03 March 2022

UID

ibm16538416