Fix (APAR):  PH46897

Status:  Fix

Release:  9.0.5.12

Operating System:  Linux

Supersedes Fixes:  

CMVC Defect:  xxxxxx

Byte size of APAR:  29393909

Date: 2022-06-15

Abstract:  Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-26377 CVSS 7.3 and more)	

Description/symptom of problem:  
PH46897 resolves the following problem:

  CVE-2022-26377 (n/a on 9.0)
  CVE-2022-28614
  CVE-2022-28615
  CVE-2022-29404 (9.0 only)
  CVE-2022-30556 (9.0 only)
  CVE-2022-31813

ERROR DESCRIPTION:
Confidential for Security Integrity ifix for CVE-2022-26377 (and more)

PROBLEM SUMMARY:
Confidential for Security Integrity ifix for CVE-2022-26377 (and more)

PROBLEM CONCLUSION:
Confidential for CVE-2022-26377 

Directions to apply fix:  
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Backup your IBM HTTP Server installation directory
3) Extract this interim fix with your IBM HTTP Server installation as your working directory
4) Start IBM HTTP Server

Directions to remove fix:  
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Restore earlier IBM HTTP Server installation root from backup. Or, extract a previous maintenance level archive install on top of current installation
2) Start IBM HTTP Server

Directions to re-apply fix:  
1) Stop IBM HTTP Server.
2) Follow the directions to apply the fix.
3) Restart IBM HTTP Server.


Additional Information: