Fix (APAR): PH44271
Status: Fix
Release: 9.0.5.10
Operating System: AIX,Linux,Windows
Supersedes Fixes: PH44393 PH43122 PH43887 PH42030 PH41945 PH42862 PH40343 PH39660
CMVC Defect: xxxxxx
Byte size of APAR: 186407924
Date: 2022-03-02

Abstract: Vulnerability in IBM HTTP Server used by IBM WebSphere Application Server due to Expat (CVE-2022-25315 CVSS 7.8 and more)

Description/symptom of problem:
PH44271 resolves the following problem:

ERROR DESCRIPTION:
Confidential for Security Integrity ifix CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25315

PROBLEM SUMMARY:
Confidential for Security Integrity ifix CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25315

PROBLEM CONCLUSION:
Confidential for Security Integrity ifix CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25315

Directions to apply fix:
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Back up your IBM HTTP Server installation directory.
3) Extract this interim fix with your IBM HTTP Server installation as your working directory.
4) Start IBM HTTP Server.

Directions to remove fix:
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Restore the earlier IBM HTTP Server installation root from backup. Or, extract a previous maintenance level archive install on top of the current installation.
3) Start IBM HTTP Server.

Directions to re-apply fix:
1) Stop IBM HTTP Server.
2) Follow the directions to apply the fix.
3) Restart IBM HTTP Server.

Additional Information: