Download
Downloadable File
File link | File size | File description |
---|---|---|
Abstract
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161 CVSS 4.8)
Download Description
ERROR DESCRIPTION:
Confidential for Security Integrity interim fix CVE-2022-39161
The fix for this APAR is targeted for inclusion in 8.5.5.24 and 9.0.5.16
For more information, see Recommended Updates for WebSphere Application Server:
https://www.ibm.com/support/pages/node/715553
- IHS Archive install interim fixes: This fix supersedes (includes) the IHS fixes for PH52860, PH53014, PH54015
- WAS and WASPlugin interim fixes: No supersede of any other fixes.
Prerequisites
Installation Instructions
Review the readme.txt for detailed installation instructions.
URL | SIZE(Bytes) |
---|---|
V90 archive readme file | 1267 |
V85 readme file | 1872 |
V90 readme file | 1906 |
Download Package
WebSphere WebServer Plug-in Installation Manager update
These fixes are required if the WebSphere WebServer Plug-in is installed and maintained with IBM Installation Manager. If your Plugin installation has a bin/versionInfo{.sh|bat} it uses IBM Installation Manager.
Download | RELEASE DATE | SIZE(Bytes) | Applies to |
URL |
---|---|---|---|---|
9.0.5.11-WS-WASPlugIn-IFPH48747 | 02 May 2023 | 63751789 | 9.0.5.11-9.0.5.15 | FC |
8.5.5.14-WS-WASPlugIn-IFPH48747 | 02 May 2023 | 81769565 | 8.5.5.14-8.5.5.22 | FC |
8.5.5.23-WS-WASPlugIn-IFPH48747 | 05 May 2023 | 81745975 | 8.5.5.23 | FC |
Application Server update to support new optional plugin-cfg.xml generation properties
These fixes are required if setting new custom properties in the traditional WebSphere admin console (https://www.ibm.com/support/pages/node/6982543)
Download | RELEASE DATE | SIZE(Bytes) | Applies to |
URL |
---|---|---|---|---|
9.0.5.11-WS-WAS-IFPH48747 | 02 May 2023 | 349322 | 9.0.5.11-9.0.5.15 | FC |
8.5.5.14-WS-WAS-IFPH48747 | 02 May 2023 | 355689 | 8.5.5.14-8.5.5.23 | FC |
IBM HTTP Server archive fixes with updated WAS WebServer Plug-in runtime
These fixes should only be used if you use the IHS Archive Install without IBM Installation Manager. This cumulative update provides the latest IHS and Plugin binaries. If your IHS installation has a postinstall.{sh|bat} at the installation root, you are likely using the archive installation.
Download | RELEASE DATE | SIZE(Bytes) |
URL |
---|---|---|---|
9.0.5-WS-IHS-ARCHIVE-linux-x86_64-FP015-IFPH48747 | 02 May 2023 | 26682207 | FC |
9.0.5-WS-IHS-ARCHIVE-aix-ppc64-FP015-IFPH48747 | 02 May 2023 | 35858550 | FC |
9.0.5-WS-IHS-ARCHIVE-linux-ppc64le-FP015-IFPH48747 | 02 May 2023 | 27109195 | FC |
9.0.5-WS-IHS-ARCHIVE-linux-s390x-FP015-IFPH48747 | 02 May 2023 | 29553579 | FC |
9.0.5-WS-IHS-ARCHIVE-win-x86-FP015-IFPH48747 | 02 May 2023 | 33274639 | FC |
9.0.5-WS-IHS-ARCHIVE-win-x86_64-FP015-IFPH48747 | 02 May 2023 | 35516852 | FC |
Problems Solved
PH48747, PH52860, PH53014, PH54015
Change History
Technical Support
Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
05 May 2023
UID
ibm16987541