Download
Abstract
IBM HTTP Server is affected by multiple vulnerabilities in the included Apache HTTP Server.
Download Description
PH61893 resolves the following problems:
- CVE-2024-38472
  - Vulnerable Configurations: IHS on Windows
- CVE-2024-38473, CVE-2024-38477
  - Vulnerable Configurations: IHS 9.0 with mod_proxy loaded
- CVE-2024-38474, CVE-2024-38475
  - Vulnerable Configurations: IHS with mod_rewrite loaded.
    See https://httpd.apache.org/security/vulnerabilities_24.html for mod_rewrite specifics.
- CVE-2024-38476
  - Vulnerable Configurations: IHS with mod_negotiation or CGI modules loaded
- CVE-2024-39573
  - Vulnerable: IHS with both mod_rewrite and mod_proxy loaded
    See https://httpd.apache.org/security/vulnerabilities_24.html for mod_rewrite specifics.
Behavior Changes in mod_rewrite:
- If non-malicious URLs use encoded question marks (%3F), some RewriteRules that add a "?" to the substitution will return 403 unless the flag UnsafeAllow3F is added.
- If a mod_rewrite substitution begins with a variable or back-reference, and has no PT flag, and the first path segment matches a directory at the root of the filesystem, the substitution will no longer map the URL to that directory unless the flag UnsafePrefixStat is added.
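A static check for the two mod_rewrite behavior changes listed above, as an added example that is not IBM's or Apache's code: it lists RewriteRule lines that are candidates for review before the fix is applied. The function name, the sample configuration and the matching heuristics are assumptions; whether a flagged rule actually changes behavior depends on the requests and the filesystem, which the script cannot see.

```python
import re

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
RewriteEngine On
RewriteRule ^/search/(.*)$ /app/search?q=$1 [L]
RewriteRule ^/find/(.*)$ /app/find?q=$1 [L,UnsafeAllow3F]
RewriteRule ^/files/(.*)$ %{ENV:DATA_ROOT}/$1 [L]
RewriteRule ^/proxy/(.*)$ $1 [PT]
RewriteRule ^/static/(.*)$ /srv/static/$1 [L]
# RewriteRule ^/old/(.*)$ $1
"""

# A directive argument is a double-quoted string or a run of non-blanks.
TOKEN = re.compile(r'"[^"]*"|\S+')
# Substitution that begins with $N, %N, %{VAR} or ${map:key}.
LEADING_REF = re.compile(r'^[$%](?:\d|\{)')

def audit_rewrite_rules(conf_text):
    """Return (line_no, flag) pairs: rules to review, and the flag the
    advisory names for restoring the previous behaviour."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = [t.strip('"') for t in TOKEN.findall(raw)]
        if len(tokens) < 3 or tokens[0].lower() != "rewriterule":
            continue  # comments, other directives, malformed rules
        subst = tokens[2]
        flags = set()
        if len(tokens) > 3 and tokens[3].startswith("["):
            flags = {f.split("=")[0].strip().lower()
                     for f in tokens[3].strip("[]").split(",")}
        # Change 1: substitution adds "?" and UnsafeAllow3F is absent.
        if "?" in subst and "unsafeallow3f" not in flags:
            findings.append((no, "UnsafeAllow3F"))
        # Change 2: leading variable/back-reference, no PT, no UnsafePrefixStat.
        if LEADING_REF.match(subst) and not flags & {
                "pt", "passthrough", "unsafeprefixstat"}:
            findings.append((no, "UnsafePrefixStat"))
    return findings

if __name__ == "__main__":
    for no, flag in audit_rewrite_rules(SAMPLE_CONF):
        print(f"line {no}: review rule; old behaviour needs [{flag}]")
```

A flagged rule is a prompt to test that URL path against the patched server, not a reason to add the Unsafe flag by default.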
The fix for this APAR is targeted for inclusion in 8.5.5.27 and 9.0.5.21.
For more information, see Recommended Updates for WebSphere Application Server:
https://www.ibm.com/support/pages/node/715553
This fix supersedes (includes) the fix for PH53014, PH57408, PH57668, PH59697, PH60619 (where applicable to the base fix pack level)
Prerequisites
None
Download Package
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement beginning in 2021. Use properly registered IDs to download the fixes in this table.
Signature file is provided along with interim fix. See Verifying WebSphere Application Server release packages and Verifying Liberty release packages.
DOWNLOAD | RELEASE DATE | SIZE(Bytes) | URL |
---|---|---|---|
IBM Installation Manager downloadable repositories | | | |
8.5.5.24-WS-WASIHS-IFPH61893 | 09 July 2024 | 89941873 | FC |
8.5.5.25-WS-WASIHS-IFPH61893 | 09 July 2024 | 89941917 | FC |
9.0.5.18-WS-WASIHS-IFPH61893 | 09 July 2024 | 110529905 | FC |
9.0.5.19-WS-WASIHS-IFPH61893 | 09 July 2024 | 110529247 | FC |
9.0.5.20-WS-WASIHS-IFPH61893 | 09 July 2024 | 110529130 | FC |
IBM HTTP Server archive installs | | | |
9.0.5-WS-IHS-ARCHIVE-linux-x86_64-FP020-IFPH61893 | 09 July 2024 | 26737929 | FC |
9.0.5-WS-IHS-ARCHIVE-linux-s390x-FP020-IFPH61893 | 09 July 2024 | 29625329 | FC |
9.0.5-WS-IHS-ARCHIVE-linux-ppc64le-FP020-IFPH61893 | 09 July 2024 | 27185741 | FC |
9.0.5-WS-IHS-ARCHIVE-aix-ppc64-FP020-IFPH61893 | 09 July 2024 | 35908017 | FC |
9.0.5-WS-IHS-ARCHIVE-win-x86-FP020-IFPH61893 | 09 July 2024 | 33271458 | FC |
9.0.5-WS-IHS-ARCHIVE-win-x86_64-FP020-IFPH61893 | 09 July 2024 | 35549377 | FC |
Note: FC stands for Fix Central. Review the What is Fix Central (FC)? FAQs for more details.
Problems Solved
PH61893, PH53014, PH57408, PH57668, PH59697, PH60619
Technical Support
Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Document Information
Modified date: 09 July 2024
UID: ibm17159808