Fix (APAR): PH50316 Status: Fix Release: 9.0.5.14 Operating System: AIX,Linux,Windows Supersedes Fixes: CMVC Defect: xxxxxx Byte size of APAR: 187563486 Date: 2022-11-21 Abstract: IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680 CVSS 7.5, CVE-2013-0340 CVSS 4.3, CVE-2017-9233 CVSS 5.3) Description/symptom of problem: PH50316 resolves the following problem: ERROR DESCRIPTION: IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680 CVSS 7.5, CVE-2013-0340 CVSS 4.3, CVE-2017-9233 CVSS 5.3) Directions to apply fix: 1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root. 2) Backup your IBM HTTP Server installation directory 3) Extract this interim fix with your IBM HTTP Server installation as your working directory 4) Start IBM HTTP Server Directions to remove fix: 1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root. 2) Restore earlier IBM HTTP Server installation root from backup. Or, extract a previous maintenance level archive install on top of current installation 2) Start IBM HTTP Server Directions to re-apply fix: 1) Stop IBM HTTP Server. 2) Follow the directions to apply the fix. 3) Restart IBM HTTP Server. Additional Information: