IBM Support

PH43122: Vulnerability in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-23852 CVSS 9.8 and more)

Download


Downloadable File

File link File size File description

Abstract

Vulnerability in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-23852 CVSS 9.8 and more)

Download Description

PH43122 resolves the following problem:

ERROR DESCRIPTION:
Confidential for Security Integrity interim fix CVE-2022-23852 and more.

PROBLEM SUMMARY:
Confidential for Security Integrity interim fix CVE-2022-23852 and more.

PROBLEM CONCLUSION:
Confidential for expat library vulnerabilities:
 CVE-2021-45960
 CVE-2021-46143
 CVE-2022-22822
 CVE-2022-22823
 CVE-2022-22824
 CVE-2022-22825
 CVE-2022-22826
 CVE-2022-22827
 CVE-2022-23852
 CVE-2022-23990

The fix for this APAR is targeted for inclusion in fix packs 8.5.5.22 and 9.0.5.11

For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
This fix supersedes (includes) the fix for PH39660, PH40343, PH41945, PH42030, PH42862, PH43887

This fix is superseded by later interim fixes.
The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH44829 to resolve this APAR.
If this APAR applied to older fix packs that the superseding APAR does not, the download link for those older fixes will be preserved below.

Prerequisites

None

Download Package


This fix is superseded by later interim fixes.
The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH44829 to resolve this APAR.
If this APAR applied to older fix packs that the superseding APAR does not, the download link for those older fixes will be preserved below.

Problems Solved

PH43122, PH39660, PH40343, PH41945, PH42030, PH42862, PH43887

Change History

  • 25 February 2022: Replaced 9.0 fix links with IFPH44393 fixes due to regression discussed in PH44393
  • 2 March 2022: Replaced 8.5.5 fix links with IFPH44271 fixes due to absence of CVE-2022-23852 CVE-2022-23990 from the original fixes.
  • 3 March 2022: Remove downloads and point to IFPH44271

On

Technical Support

Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m0z0000001j54AAA","label":"WebSphere Application Server traditional-All Platforms-\u003EDownload Documents - L3 Publishing Category"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.0.0;8.0.0;8.5.5;9.0.5"}]

Problems (APARS) fixed
PH43122, PH39660, PH40343, PH41945, PH42030, PH42862, PH43887

Document Information

Modified date:
29 March 2022

UID

ibm16557294