IBM Support

IBM HTTP Server interim fix for PM00675

Downloadable files


Abstract

IBM HTTP Server interim fix for CVE-2009-3555: TLS/SSL protocol vulnerability

Download Description

This interim fix resolves the following:

USERS AFFECTED:
Users of IBM HTTP Server 6.0.2, 6.1, and 7.0 with SSL (SSLEnable directive) configured.

PROBLEM DESCRIPTION:
CVE-2009-3555: TLS/SSL protocol vulnerability

RECOMMENDATION:
Apply this fix if SSL is enabled.

PROBLEM CONCLUSION:
IBM HTTP Server is distributing an updated GSKit security library. This standalone GSKit update has been published to the IBM HTTP Server Fixes download site. No configuration is required once
GSKit is updated to 7.0.4.27

The GSKit downloads are located under the 'GSKit Version 7' section for your platform.

For IBM HTTP Server 6.x releases, download the GSKit 7.0.4.27 package and Readme under the section labeled 'PM00675 - IHS Version 6'

For IBM HTTP Server 7.0 releases, download the GSKit 7.0.4.27 package and Readme
under the section labeled 'PM00675 - IHS Version 7'

The GSKit update will be included in the following releases:
- 6.0.2.39
- 6.1.0.29
- 7.0.0.9

Prerequisites

None

Download package


Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
IBM HTTP Server Fixes 11/24/2009 US English 8926041 HTTPS

Cross Reference information
Segment Product Component Platform Version Edition
Application Servers WebSphere Application Server AIX, HP-UX, Linux, Solaris, Windows 7.0, 6.1, 6.0.2

Problems (APARS) fixed
PM00675

Document information

More support for: IBM HTTP Server
Base Server

Software version: 6.0.2, 6.1, 7.0

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Reference #: 4025312

Modified date: 25 August 2010


Translate this page: