Fix (APAR):  PH51982

Status:  Fix

Release:  9.0.5.14

Operating System:  AIX,Linux,Windows

Supersedes Fixes:  PH50316

CMVC Defect:  xxxxxx

Byte size of APAR:  187540530

Date: 2023-02-13

Abstract:  IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime (CVE-2022-28331 CVSS 9.8 and more)

Description/symptom of problem:  
PH51982 resolves the following problem:

ERROR DESCRIPTION:
Confidential for Security Integrity interim fix:
CVE-2022-36760 CVE-2006-20001 CVE-2022-37436 CVE-2022-25147 CVE-2022-28331

PROBLEM SUMMARY:
Confidential for Security Integrity interim fix:
CVE-2022-36760 CVE-2006-20001 CVE-2022-37436 CVE-2022-25147 CVE-2022-28331

PROBLEM CONCLUSION:
Confidential for:
 CVE-2006-20001 CVE-2022-37436 CVE-2022-25147 CVE-2022-28331





Directions to apply fix:  
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Backup your IBM HTTP Server installation directory
3) Extract this interim fix with your IBM HTTP Server installation as your working directory
4) Start IBM HTTP Server



Directions to remove fix:  
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Restore earlier IBM HTTP Server installation root from backup. Or, extract a previous maintenance level archive install on top of current installation
2) Start IBM HTTP Server



Directions to re-apply fix:  
1) Stop IBM HTTP Server.
2) Follow the directions to apply the fix.
3) Restart IBM HTTP Server.




Additional Information: