Fix (APAR):  PH57715

Status:  Fix

Release:  9.0.5.17

Operating System:  AIX,HP-UX,Linux,Solaris,Windows,z/OS

Supersedes Fixes:  

CMVC Defect:  xxxxxx

Byte size of APAR:  187976585

Date: 2023-10-24

Abstract:  IBM HTTP Server is vulnerable to information disclosure due to the included Apache HTTP Server (CVE-2023-31122 CVSS 7.5)

Description/symptom of problem:  
PH57715 resolves the following problem:

ERROR DESCRIPTION:
Confidential for Security Integrity interim fix CVE-2023-31122. 



Directions to apply fix:  
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Backup your IBM HTTP Server installation directory
3) Extract this interim fix with your IBM HTTP Server installation as your working directory
4) Post-installation script requirements
    - **Windows only:** Run `postinstall.bat` from the server root, passing no arguments.
    - **AIX and Linux**: After an upgrade, running `apachectl start` causes `postinstall.sh`
      to be re-run automatically. Run `./postinstall.sh` manually if other scripts (such as gskcapicmd)
      within the IHS/bin/ directory need to be used **prior** to the next `apachectl start`.
5) Start IBM HTTP Server

Directions to remove fix:  
1) Stop IBM HTTP Server. AIX Only: run "slibclean" as root.
2) Restore earlier IBM HTTP Server installation root from backup. Or, extract a previous maintenance level archive install on top of current installation
2) Start IBM HTTP Server

Directions to re-apply fix:  
1) Stop IBM HTTP Server.
2) Follow the directions to apply the fix.
3) Restart IBM HTTP Server.


Additional Information: