Critical Severity

Security Bulletin: IBM HTTP Server is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674)


IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to arbitrary code execution due to Expat. The Expat library is used by IBM HTTP Server’s WebDAV (mod_dav) support, but may also be used by third-party Apache HTTP Server modules if they have been loaded into the server by the administrator. This has been addressed. [CVE-2022-40674]
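Because the bulletin ties Expat exposure to whether mod_dav (or an administrator-loaded third-party module) is actually present in the running server, the first triage step is an inventory of the LoadModule directives in the server configuration. The following Python script is an added example, not IBM's code or tooling; the sample httpd.conf fragment is constructed, and the heuristic that a module whose shared object lives outside the server's own `modules/` directory is a third-party candidate is an assumption of this example, not something the bulletin states.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample configuration fragment in Apache httpd syntax (not a real
# IBM HTTP Server config); used so the example runs offline.
SAMPLE_HTTPD_CONF = """
# Server modules
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
LoadModule vendor_module /opt/vendor/mod_vendor.so
"""

# Matches "LoadModule <module-name> <path-to-shared-object>", case-insensitive
# like httpd itself; leading whitespace is tolerated.
LOADMODULE_RE = re.compile(r"^\s*LoadModule\s+(\S+)\s+(\S+)", re.IGNORECASE)

# Module names that make up WebDAV support; dav_module is the one that pulls
# Expat in according to the bulletin, the others are listed for context.
WEBDAV_MODULES = {"dav_module", "dav_fs_module", "dav_lock_module"}

# Assumed location of the server's own shipped modules (hypothetical value).
BUILTIN_MODULE_DIR_PREFIX = "modules/"


def loaded_modules(conf_text: str) -> List[Tuple[str, str]]:
    """Return (module_name, shared_object_path) for every active LoadModule line.

    Commented-out directives (lines starting with '#') are skipped, so a module
    that is present in the file but disabled is not reported as loaded.
    """
    mods: List[Tuple[str, str]] = []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = LOADMODULE_RE.match(line)
        if m:
            mods.append((m.group(1), m.group(2)))
    return mods


def expat_exposure(conf_text: str) -> Dict[str, object]:
    """Summarise which loaded modules could bring Expat into the process.

    'webdav_enabled' is True when dav_module is loaded; 'third_party_candidates'
    lists modules whose .so path is not under the built-in module directory
    (heuristic assumption of this example, to be confirmed on the host).
    """
    mods = loaded_modules(conf_text)
    dav_loaded = [name for name, _ in mods if name in WEBDAV_MODULES]
    third_party = [
        name for name, path in mods
        if not path.startswith(BUILTIN_MODULE_DIR_PREFIX)
    ]
    return {
        "webdav_enabled": "dav_module" in dav_loaded,
        "dav_modules": dav_loaded,
        "third_party_candidates": third_party,
    }


def scan_config_file(path: str) -> Dict[str, object]:
    """Convenience wrapper: read an httpd.conf from disk and summarise it."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return expat_exposure(fh.read())


if __name__ == "__main__":
    report = expat_exposure(SAMPLE_HTTPD_CONF)
    print("WebDAV (mod_dav) enabled:", report["webdav_enabled"])
    print("WebDAV modules loaded:   ", report["dav_modules"])
    print("Third-party candidates:  ", report["third_party_candidates"])
```

The configuration alone cannot tell you whether a third-party module links against Expat; for each candidate the script reports, inspect the shared object on the host (for example with `ldd` on Linux) and check for a libexpat dependency, and treat any `Include` directives in the real configuration as additional files to scan. The fix itself comes from the IBM bulletin linked below, independent of what this inventory reports.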

CVE(s): CVE-2022-40674

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
IBM HTTP Server        9.0
IBM HTTP Server        8.5
IBM HTTP Server        8.0
IBM HTTP Server        7.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6827119
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/236116
