Download
Downloadable File
File link | File size | File description |
---|---|---|
Abstract
Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-26377 CVSS 7.3 and more)
Download Description
The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH51982 to resolve this APAR.
- CVE-2022-26377
- CVE-2022-28614
- CVE-2022-28615
- CVE-2022-29404
- CVE-2022-30556
- CVE-2022-31813
ERROR DESCRIPTION:
Confidential for Security Integrity ifix for CVE-2022-26377 (and more)
PROBLEM SUMMARY:
Confidential for Security Integrity ifix for CVE-2022-26377 (and more)
PROBLEM CONCLUSION:
Confidential for CVE-2022-26377
The fix for this APAR is currently targeted for inclusion
in fix packs 8.5.5.23 and 9.0.5.13
For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg2700498
- CVE-2022-26377
- IBM HTTP Server configurations with "mod_proxy_ajp" loaded and configured are affected. This module is not provided in the 9.0 release.
- CVE-2022-28614 & CVE-2022-28615
- IBM HTTP Server configurations with "mod_lua" loaded and configured or any third-party modules may be affected.
- CVE-2022-29404 (9.0 only)
- IBM HTTP Server configurations with "mod_lua" loaded and configured may be affected.
- CVE-2022-30556 (9.0 only)
- IBM HTTP Server configurations with "mod_lua" loaded and configured may be affected.
- CVE-2022-31813
- IBM HTTP Server configurations with "mod_proxy_http" loaded and configured and the backend server depends on the X-Forwarded-For header for security purposes are affected.
Prerequisites
Download Package
The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH51982 to resolve this APAR.
Problems Solved
Known Side Effects
Change History
- Oct 5 2022: With the release of PH49572, this interim fix is superseded on Linux, AIX, Windows, Solaris, and HP-UX
- Oct 13 2022: Simplify/clarify supersede situation
Technical Support
Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
14 February 2023
UID
ibm16594853