Download
Abstract
IBM HTTP Server is vulnerable to a denial of service due to libexpat (CVE-2023-52425 CVSS 7.5)
Download Description
The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH60619 to resolve this APAR.
PH59697 resolves the following problem:
IBM HTTP Server is vulnerable to a denial of service due to libexpat (CVE-2023-52425 CVSS 7.5)
The fix for this APAR is targeted for inclusion in 8.5.5.26 and 9.0.5.19
For more information, see Recommended Updates for WebSphere Application Server:
https://www.ibm.com/support/pages/node/715553
This fix supersedes (includes) the fix for the following APARs, where applicable: PH53014, PH57408, PH57715
Vulnerable Configurations
- Configurations that load mod_dav or any third-party modules, and have LimitXMLRequestBody explicitly set to a value on the order of hundreds of megabytes or more, may be vulnerable.
Behavior Changes
- The fix for the 8.5 releases imposes a hard limit of 100 megabytes on the LimitXMLRequestBody directive. The default limit remains at 1 megabyte.
- There is no behavior change for the 9.0 release.
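To check a server against the vulnerable configuration described above, the following added example (not IBM code) scans configuration text for a loaded mod_dav and for LimitXMLRequestBody values at or above the 100 megabyte cap. The sample configuration, the function name `audit`, the reading of a megabyte as 2^20 bytes, and the handling of a value of 0 are assumptions of this example.

```python
import re

# From the page: the 8.5 fix caps LimitXMLRequestBody at 100 megabytes.
# Assumption: a megabyte is counted as 2**20 bytes here.
HARD_LIMIT = 100 * 1024 * 1024
LIMIT_RE = re.compile(r"^\s*LimitXMLRequestBody\s+(\S+)", re.IGNORECASE)
LOAD_RE = re.compile(r"^\s*LoadModule\s+(\S+)\s+\S+", re.IGNORECASE)

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
LoadModule dav_module modules/mod_dav.so
# LimitXMLRequestBody 999999999
LimitXMLRequestBody 1048576
<Location /dav>
    Dav On
    LimitXMLRequestBody 524288000
</Location>
"""


def audit(conf_text):
    """Scan one configuration file's text.

    Returns {"dav_loaded": bool, "findings": [(line_no, value, reason), ...]}
    with one finding per LimitXMLRequestBody at or above HARD_LIMIT.
    """
    dav_loaded, findings = False, []
    for num, raw in enumerate(conf_text.splitlines(), start=1):
        if raw.lstrip().startswith("#"):      # commented-out directive
            continue
        load = LOAD_RE.match(raw)
        if load:
            dav_loaded = dav_loaded or load.group(1).lower() == "dav_module"
            continue
        limit = LIMIT_RE.match(raw)
        if not limit:
            continue
        try:
            value = int(limit.group(1))
        except ValueError:
            findings.append((num, limit.group(1), "not an integer byte count"))
            continue
        if value == 0:
            # Assumption: 0 leaves the body size effectively unbounded.
            findings.append((num, value, "0, assumed effectively unlimited"))
        elif value >= HARD_LIMIT:
            findings.append((num, value, "at or above 100 MB"))
    return {"dav_loaded": dav_loaded, "findings": findings}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

The scan covers only the text it is given, so files pulled in with Include need the same pass, and third-party modules that parse XML have to be identified by hand.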
Prerequisites
None
Download Package
The interim fix for this APAR has been superseded by a later interim fix. Download and install the interim fix for PH60619 to resolve this APAR.
The download links have been removed.
Problems Solved
PH59697, PH53014, PH57408, PH57715
Technical Support
Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Business Unit: IBM Software
Product: IBM HTTP Server
Component: IBM HTTP Server
Platform: AIX, HP-UX, Linux, Solaris, Windows
Version: 8.5.5.24, 8.5.5.25, 9.0.5.17, 9.0.5.18
Edition: Base
Line of Business: IT Automation & App Modernization
Document Information
Modified date:
10 April 2024
UID
ibm17129840