Download
Downloadable File
File link | File size | File description |
---|---|---|
Abstract
IBM HTTP Server is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674 CVSS 9.8)
Download Description
ERROR DESCRIPTION:
IBM HTTP Server is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674 CVSS 9.8)
PROBLEM SUMMARY:
IBM HTTP Server is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674 CVSS 9.8)
Confidential for CVE-2022-40674
The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.23 and 9.0.5.14
For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH50316 to resolve this APAR.
- CVE-2022-40674
- IBM HTTP Server on z/OS is not vulnerable, the expat library is not included in IHS on z/OS.
- IBM HTTP Server without third-party modules added to the server is not vulnerable.
- If third-party modules are present, a third-party module that uses the expat library may be vulnerable if it calls expat in the way described by CVE-2022-40674.
Prerequisites
Download Package
The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH50316 to resolve this APAR.
Problems Solved
PH49572
Technical Support
Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
14 November 2022
UID
ibm16826609