Download
Abstract
IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690 CVSS 6.1)
Download Description
ERROR DESCRIPTION:
Confidential for Security Integrity interim fix CVE-2023-25690.
The fix for this APAR is targeted for inclusion in 8.5.5.24 and 9.0.5.16.
For more information, see Recommended Updates for WebSphere Application Server:
https://www.ibm.com/support/pages/node/715553
This fix supersedes (includes) the fix for PH52754, PH49572, PH50316, PH51982, PH52860, PH47792, PH46897, PH48168 where applicable.
IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains APAR PH53014.
- Vulnerable configurations use mod_rewrite with URLs that are handled by either the WebSphere Web Server Plug-in or mod_proxy.
- The RewriteRules are vulnerable only if they use back-references or other variables in the substitution parameter.
- Additionally, configurations with ProxyPassMatch (and not necessarily mod_rewrite) are presumed vulnerable based on the publicly available CVE details.
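As an added example (not IBM's or Apache's code), a small Python audit that flags the directive shapes listed above in one configuration file's text: RewriteRule lines whose substitution contains a back-reference or variable, and any ProxyPassMatch. The sample configuration and host names are constructed; the script does not follow Include directives or decide whether a URL is handled by the Web Server Plug-in or mod_proxy, so each hit is a candidate for review.

```python
import re
import shlex

# Back-references ($N, %N) and variables (%{NAME}, ${map:key}) in a substitution.
DYNAMIC = re.compile(r"\$\d|%\d|%\{[^}]+\}|\$\{[^}]+\}")

# Constructed sample configuration; host names are placeholders.
SAMPLE = r'''
# constructed sample
RewriteEngine On
RewriteRule "^/app/(.*)" "http://backend.example:9080/app/$1" [P]
RewriteRule ^/old/?$ /new/index.html [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^/x$ - [F]
ProxyPassMatch "^/api/(.*)$" "http://backend.example:9080/api/$1"
RewriteRule ^/t/(.*) /servlet/%{HTTP_HOST}/$1 [PT]
'''

def audit_config(text):
    """Return (line_no, directive, reason) tuples for directives to review."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)      # honours quoted arguments
        except ValueError:
            parts = line.split()           # unbalanced quote: fall back
        name = parts[0].lower()            # directive names are case-insensitive
        if name == "rewriterule" and len(parts) >= 3:
            subst = parts[2]               # RewriteRule Pattern Substitution [flags]
            if subst != "-" and DYNAMIC.search(subst):
                findings.append((no, "RewriteRule",
                                 "back-reference or variable in substitution"))
        elif name == "proxypassmatch":
            findings.append((no, "ProxyPassMatch",
                             "presumed vulnerable per the advisory"))
    return findings

if __name__ == "__main__":
    for no, directive, reason in audit_config(SAMPLE):
        print(f"line {no}: {directive}: {reason}")
```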
Prerequisites
Installation Instructions
Review the readme.txt for detailed installation instructions.
URL | SIZE(Bytes) |
---|---|
V90 IM readme file | 1871 |
V85 IM readme file | 1809 |
V90 archive readme file | 1225 |
Download Package
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement beginning in 2021. Use properly registered IDs to download the fixes in this table.
Installation Manager repositories | RELEASE DATE | SIZE(Bytes) | URL |
---|---|---|---|
9.0.5.15-WS-WASIHS-IFPH53014 | 03 April 2023 | 14714921 | FC |
9.0.5.14-WS-WASIHS-IFPH53014 | 15 March 2023 | 35400807 | FC |
9.0.5.13-WS-WASIHS-IFPH53014 | 15 March 2023 | 34162482 | FC |
8.5.5.23-WS-WASIHS-IFPH53014 | 15 March 2023 | 31787100 | FC |
8.5.5.22-WS-WASIHS-IFPH53014 | 15 March 2023 | 37813658 | FC |
Users of the IHS Archive Install should download and install the interim fix for PH48747 to resolve this APAR.
Problems Solved
PH53014, PH49572, PH50316, PH51982, PH52860, PH52754
Known Side Effects
Change History
- March 17: Add information about ProxyPassMatch
- April 4: Add 9.0.5.15 fixes and add PH52754 and others as superseded
- May 2: Supersede archive installs with PH48747
Technical Support
Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Problems (APARS) fixed
Document Information
Modified date:
04 May 2023
UID
ibm16963614