Fix (APAR):  PH42862

Status:  Fix

Release:  9.0.5.10

Operating System:  AIX,Linux,Windows

Supersedes Fixes:  PH42862 PH41945 PH42587

CMVC Defect:  xxxxxx

Byte size of APAR:  186484348

Date: 2022-01-12

Abstract:  Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server (CVE-2021-44790 CVSS 9.8 and more)

Description/symptom of problem:  
PH42862 resolves the following problem:

ERROR DESCRIPTION:
Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server (CVE-2021-44790 CVSS 9.8 and more)
                                                         
PROBLEM SUMMARY:
Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server (CVE-2021-44790 CVSS 9.8 and more)

PROBLEM CONCLUSION:
Confidential for CVE-2021-44790, CVE-2021-44224

The fix for this APAR is targeted for inclusion in IBM HTTP
Server fix pack 9.0.5.11. For more information, see 
'Recommended Updates for WebSphere Application Server':
https://www.ibm.com/support/pages/node/715553

Directions to apply fix:  
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Backup your IBM HTTP Server installation directory
3) Extract this interim fix with your IBM HTTP Server installation as your working directory
4) Start IBM HTTP Server

Directions to remove fix:  
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Restore earlier IBM HTTP Server installation root from backup. Or, extract a previous maintenance level archive install on top of current installation
2) Start IBM HTTP Server

Directions to re-apply fix:  
1) Stop IBM HTTP Server.
2) Follow the directions to apply the fix.
3) Restart IBM HTTP Server.


Additional Information: