CVE-2015-1283 for IBM HTTP Server
PI45596 resolves the following problem:
ERROR DESCRIPTION:
Potential denial of service due to vulnerability in Expat bundled with IBM HTTP Server.
PROBLEM SUMMARY:
Multiple integer overflows in Expat (bundled with IBM HTTP Server) can potentially allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have an unspecified other impact via crafted XML data.
PROBLEM CONCLUSION:
The bundled Expat in IBM HTTP Server was updated.
This fix is targeted for IBM HTTP Server fix packs:
- 7.0.0.39
- 8.0.0.12
- 8.5.5.7
IMPORTANT NOTE: The interim fix for 6.1.0.47 requires the installed global GSKit to be at a minimum level as provided by any of the following interim fixes; otherwise, IBM HTTP Server may not start after this interim fix is applied: PI05309, PI09443, PI36417 (or any newer interim fix that updates GSKit).
UpdateInstaller is required for IHS 7.0 and 6.1 interim fixes.
UpdateInstaller: http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991
For IHS 8.0 and 8.5.5, the interim fix can be installed using Installation Manager (IM) with the Web-based ("live") repository provided by IBM. It might be necessary to de-select the "Show recommended only" option within IM and to expand "Only fixes for version 8.x.y.z" to see the fix listed.
The interim fix is also available from Fix Central at the link listed in the Download Package section below.
The 6.1 version of this interim fix is a cumulative interim fix. See the fix readme.txt for more information.
DOWNLOAD PACKAGE:
All packages are dated 28 Aug 2015, language US English.
- 8.5.5.4 - 8.5.5.6 Distributed platforms, size 2834943: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.4-WS-WASIHS-MultiOS-IFPI45596&productid=WebSphere Application Server&brandid=5
- 8.0.0.9 - 8.0.0.11 Distributed platforms, size 2707457: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.9-WS-WASIHS-MultiOS-IFPI45596&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 AixPPC32, size 222276: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-AixPPC32-IFPI45596&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 HpuxIA64, size 633481: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-HpuxIA64-IFPI45596&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 HpuxPaRISC, size 157631: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-HpuxPaRISC-IFPI45596&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 LinuxPPC32, size 115961: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-LinuxPPC32-IFPI45596&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 LinuxS390, size 116482: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-LinuxS390-IFPI45596&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 LinuxX32, size 108940: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-LinuxX32-IFPI45596&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 SolarisSparc, size 151987: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-SolarisSparc-IFPI45596&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 SolarisX64, size 115234: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-SolarisX64-IFPI45596&productid=WebSphere Application Server&brandid=5
- 7.0.0.33 - 7.0.0.37 WinX32, size 497206: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.33-WS-WASIHS-WinX32-IFPI45596&productid=WebSphere Application Server&brandid=5
- 6.1.0.47 AixPPC32, size 1858924: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WASIHS-AixPPC32-IFPI45596&productid=WebSphere Application Server&brandid=5
- 6.1.0.47 HpuxIA64, size 5319113: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WASIHS-HpuxIA64-IFPI45596&productid=WebSphere Application Server&brandid=5
- 6.1.0.47 HpuxPaRISC, size 2034622: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WASIHS-HpuxPaRISC-IFPI45596&productid=WebSphere Application Server&brandid=5
- 6.1.0.47 LinuxPPC32, size 1941543: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WASIHS-LinuxPPC32-IFPI45596&productid=WebSphere Application Server&brandid=5
- 6.1.0.47 LinuxS390, size 1688652: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WASIHS-LinuxS390-IFPI45596&productid=WebSphere Application Server&brandid=5
- 6.1.0.47 LinuxX32, size 1627000: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WASIHS-LinuxX32-IFPI45596&productid=WebSphere Application Server&brandid=5
- 6.1.0.47 SolarisSparc, size 3832440: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WASIHS-SolarisSparc-IFPI45596&productid=WebSphere Application Server&brandid=5
- 6.1.0.47 SolarisX64, size 1655527: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WASIHS-SolarisX64-IFPI45596&productid=WebSphere Application Server&brandid=5
- 6.1.0.47 WinX32, size 4626569: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WASIHS-WinX32-IFPI45596&productid=WebSphere Application Server&brandid=5