Fix (APAR):  PH48747

Status:  Fix

Release:  9.0.5.15

Operating System:  AIX,Linux,Windows

Supersedes Fixes:  PH54015 PH53014 PH52860

CMVC Defect:  xxxxxx

Byte size of APAR:  187995022

Date: 2023-04-27

Abstract:  IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing  when using Web Server Plug-ins  (CVE-2022-39161 CVSS 4.8)

Description/symptom of problem:  
PH48747 resolves the following problem:

ERROR DESCRIPTION:
Confidential for Security Integrity interim fix CVE-2022-39161


Directions to apply fix:  
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Backup your IBM HTTP Server installation directory
3) Extract this interim fix with your IBM HTTP Server installation as your working directory
4) Start IBM HTTP Server

Directions to remove fix:  
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Restore earlier IBM HTTP Server installation root from backup. Or, extract a previous maintenance level archive install on top of current installation
2) Start IBM HTTP Server

Directions to re-apply fix:  
1) Stop IBM HTTP Server.
2) Follow the directions to apply the fix.
3) Restart IBM HTTP Server.


Additional Information: