IBM Support

IBM HTTP Server is vulnerable to information disclosure due to the included Apache HTTP Server (CVE-2023-31122 CVSS 7.5)

Download


Downloadable File

File link File size File description

Abstract

IBM HTTP Server is vulnerable to information disclosure due to the included Apache HTTP Server (CVE-2023-31122 CVSS 7.5)

Download Description

PH57715 resolves the following problem:

ERROR DESCRIPTION:
IBM HTTP Server is vulnerable to information disclosure due to the included Apache HTTP Server (CVE-2023-31122 CVSS 7.5)

The fix for this APAR is targeted for inclusion in 9.0.5.18

For more information, see Recommended Updates for WebSphere Application Server:
https://www.ibm.com/support/pages/node/715553
Supersedes Info:

This fix supersedes (includes) no prior interim fixes.
 
Mitigations and affected configurations:
 
  • IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains APAR PH57715.
  • Only configurations that load the "mod_macro" Apache module are affected/vulnerable.

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

 
URL SIZE(Bytes)
V90 IM readme file 1828

Download Package

 
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement beginning in 2021. Use properly registered IDs to download the fixes in this table. 

Signature file is provided along with interim fix. See Verifying WebSphere Application Server release packages and Verifying Liberty release packages.
DOWNLOAD RELEASE DATE SIZE(Bytes)

URL

IBM Installation Manager interim fix repositories
9.0.5.16-WS-WASIHS-IFPH57715 25 October 2023 22554835 Fix Central
9.0.5.17-WS-WASIHS-IFPH57715 25 October 2023 22554966 Fix Central
IBM HTTP Server Archives
9.0.5-WS-IHS-ARCHIVE-*-FP017-IFPH57715  25 October 2023 various Fix Central
Note: FC stands for Fix Central. Review the What is Fix Central (FC)? FAQs for more details.

Problems Solved

PH57715

On

Technical Support

Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"IBM HTTP Server"},"Component":"IBM HTTP Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0.5.16;9.0.5.17","Edition":"Base","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
25 October 2023

UID

ibm17059858