IBM Support

PH52546: IBM HTTP Server is vulnerable to information disclosure due to IBM GSKit (CVE-2023-32342 CVSS 7.5)


Abstract

IBM HTTP Server is vulnerable to information disclosure due to IBM GSKit (CVE-2023-32342 CVSS 7.5)

Download Description

PH52546 resolves the following problem:

ERROR DESCRIPTION:
Confidential for Security Integrity interim fix CVE-2023-32342

The fix for this APAR is targeted for inclusion in 8.5.5.24 and 9.0.5.16

For more information, see Recommended Updates for WebSphere Application Server:
https://www.ibm.com/support/pages/node/715553
 
Supersedes Info:

This fix supersedes (includes) the fix for PH40832, PH44893, PH49311
 
Mitigations and affected configurations:
 

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains APAR PH52546.

IHS configurations with SSL enabled ("SSLEnable" directive) and using RSA Key Exchange (cipher names beginning with "TLS_RSA") are vulnerable. To disable RSA Key Exchange ciphers, refer to this ROBOT-related FAQ: Disable ciphers using RSA Key Exchange

Side Effects:
  • Configurations with SSLFIPSEnable and RSA Key Exchange based ciphers explicitly added will fail with SSL0212E if these ciphers are actually negotiated. RSA Key Exchange ciphers should not be added to a FIPS enabled configuration.
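
One way to audit a configuration for the condition described above, as an added example that is not part of IBM's advisory: it flags SSL-enabled scopes where a cipher name beginning with "TLS_RSA" is explicitly added, and marks the SSLFIPSEnable combination that the Side Effects note ties to SSL0212E. The `SSLCipherSpec` directive and its `+`/`-` prefixes are assumed from IHS documentation rather than this page, the sample configuration is constructed, and ciphers enabled by default are not evaluated.

```python
import re

# Constructed sample httpd.conf fragment (not taken from the advisory).
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLEnable
    SSLCipherSpec ALL NONE
    SSLCipherSpec ALL +TLS_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
</VirtualHost>
<VirtualHost *:9443>
    SSLEnable
    SSLCipherSpec ALL -TLS_RSA_WITH_AES_128_CBC_SHA
</VirtualHost>
<VirtualHost *:80>
    SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_GCM_SHA384
</VirtualHost>
"""

def audit_rsa_key_exchange(conf_text):
    """Map each SSL-enabled scope to its explicitly added TLS_RSA ciphers."""
    scopes = {"global": {"ssl": False, "fips": False, "rsa_kx": []}}
    current = "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = opened.group(1).strip()
            scopes[current] = {"ssl": False, "fips": False, "rsa_kx": []}
            continue
        if re.match(r"</VirtualHost>", line, re.I):
            current = "global"
            continue
        directive, *args = line.split()
        if directive.lower() == "sslenable":
            scopes[current]["ssl"] = True
        elif directive.lower() == "sslfipsenable":
            scopes[current]["fips"] = True
        elif directive.lower() == "sslcipherspec":
            for tok in args:
                # Assumed syntax: a leading "-" removes a cipher, anything else adds it.
                if not tok.startswith("-") and tok.lstrip("+").upper().startswith("TLS_RSA"):
                    scopes[current]["rsa_kx"].append(tok.lstrip("+"))
    fips_global = scopes["global"]["fips"]
    return {
        name: {"rsa_kx": s["rsa_kx"],
               # Side Effects note: fails with SSL0212E if such a cipher is negotiated.
               "fips_conflict": bool(s["rsa_kx"]) and (s["fips"] or fips_global)}
        for name, s in scopes.items() if s["ssl"]
    }
```

An empty `rsa_kx` list means only that no such cipher is named explicitly in that scope; the effective cipher list still has to be checked on the server itself.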

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

 
URL                  SIZE(Bytes)
V90 IM readme file   2045
V85 IM readme file   1957

Download Package

 
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement beginning in 2021. Use properly registered IDs to download the fixes in this table. 

Signature file is provided along with interim fix. See Verifying WebSphere Application Server release packages and Verifying Liberty release packages.

Download                                     RELEASE DATE   SIZE(Bytes)   Applies To
9.0.5.11-WS-WASIHS_GSKit-MultiOS-IFPH52546   24 May 2023    155218986     9.0.5.11-9.0.5.15
8.5.5.20-WS-WASIHS_GSKit-MultiOS-IFPH52546   24 May 2023    216029616     8.5.5.20-8.5.5.23

Note: IHS Archive Installs provided with PH48747 contain the required level of IBM GSKit and remain the latest available IHS Archive package.

Problems Solved

PH52546, PH40832, PH44893, PH49311

Technical Support

Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

Problems (APARS) fixed
PH52546, PH40832, PH44893, PH49311

Document Information

Modified date:
02 July 2023

UID

ibm16997947