Fix list for IBM HTTP Server Version 8.0

Product documentation


Abstract

IBM HTTP Server provides periodic fixes for release 8.0. The following is a complete listing of fixes for Version 8.0 with the most recent fix at the top.

Content


Fix Pack 8 (8.0.0.8)
Fix Pack 7 (8.0.0.7)
Fix Pack 6 (8.0.0.6)
Fix Pack 5 (8.0.0.5)
Fix Pack 4 (8.0.0.4)
Fix Pack 3 (8.0.0.3)
Fix Pack 2 (8.0.0.2)
Fix Pack 1 (8.0.0.1)





Fix Pack 8 (8.0.0.8)
Fix release date: 13 January 2014
Last modified: 13 January 2014
Status: Recommended

Download Fix Pack 8

APAR Description
PM94008 Timed-out ldap bind and search failures on reused connections are not retried
PM94143 Use of SAFRunAs results in ICH408I messages to be issued against the HTTP Server userid (z/OS only)
PM94602 ProxyRemote fails to work with SSL requests
PM96039 The AcceptEx disablement notice should not appear in Windows Event Viewer

Note: IBM HTTP Server 8.0.0.8 contains all applicable security fixes in Apache HTTP Server versions up through 2.2.26.


Fix Pack 7 (8.0.0.7)
Fix release date: 19 August 2013
Last modified: 19 August 2013
Status: Superseded

Download Fix Pack 7

APAR Description
PM85211 CVE-2013-0169: TLS Vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
PM87808 CVE-2013-1862: mod_rewrite vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
PM89996 CVE-2013-1896: mod_dav vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
PM84215 mod_mpmstats may report incorrect values during startup or shutdown
PM87247 Additional certificate attributes are needed as fields accessible to the SSLClientAuthRequire directive
PM89422 IHS WebDAV requests slow on Windows

Note: IBM HTTP Server 8.0.0.7 contains all applicable security fixes in Apache HTTP Server versions up through 2.2.25.


Fix Pack 6 (8.0.0.6)
Fix release date: 29 April 2013
Last modified: 29 April 2013
Status: Superseded

Download Fix Pack 6

APAR Description
PM76110 CVE-2012-4557: mod_proxy_ajp incorrectly marks backend WAS CE server down
PM80058 CVE-2012-3499/CVE-2012-4558: Potential exposure in several IBM HTTP Server optional modules
http://xforce.iss.net/xforce/xfdb/82359
http://xforce.iss.net/xforce/xfdb/82360
PM69188 Installation of IBM HTTP Server completes with a warning. Failure occurs because the system's hostname is not set.
PM70994 SSLFakeBasicAuth depends on LoadModule order
PM71102 <Location> settings don't affect some mod_negotiation generated content
PM73304 Add mod_ssl's SSLProxyCheckPeerCN to IBM HTTP Server
PM75876 The 'Header' directive can't set a header only if the header is absent, even when using 'EDIT' mode or relying on other modules.
PM77980 IBM HTTP Server should not add the Server: header by default
PM78087 IBM HTTP Server high memory use when many hundreds of RewriteCond %{REQUEST_URI}
PM78144 IBM HTTP Server large logformats cannot be correctly logged by piped loggers
PM78434 Provide end-to-end timeouts for SSL handshakes
PM79015 mod_disk_cache on Windows gives error: '(OS 5) Access is denied: disk_cache: Rename tempfile to datafile failed'
PM80235 NIST SP800-131a support for IBM HTTP Server

Note: IBM HTTP Server 8.0.0.6 contains all applicable security fixes in Apache HTTP Server versions up through 2.2.24.


Fix Pack 5 (8.0.0.5)
Fix release date: 12 November 2012
Last modified: 12 November 2012
Status: Superseded

Download Fix Pack 5

APAR Description
PM66470 CVE-2012-2687: mod_negotiation - potential information disclosure on compromised site
PM72915 TLS compression should be disabled by default in IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg21611881
PM63634 admin.password file was reset after installing fix pack
PM68007 Non-root IBM HTTP Server install fails if primary group has no name
PM70591 IHS on Microsoft Windows startup failure with SSLv3Timeout or SSLv2Timeout in vhost: 'master_main: create child process failed.'
PM71612 Additional non-serviceable files added for IBM HTTP Server.

Note: IBM HTTP Server 8.0.0.5 contains all applicable security fixes in Apache HTTP Server versions up through 2.2.23.


Fix Pack 4 (8.0.0.4)
Fix release date: 06 August 2012
Last modified: 06 August 2012
Status: Superseded

Download Fix Pack 4

APAR Description
PM58899 CVE-2012-0883: IBM HTTP Server incorrectly sets paths for startup
http://xforce.iss.net/xforce/xfdb/74901
PM66218 Upgrade bundled GSKit security library
http://www-01.ibm.com/support/docview.wss?&uid=swg21606096
PM56585 mod_authnz_ldap can generate many unnecessary ldap queries while processing 'Require group'
PM57197 Enhancements to IBM HTTP Server serviceability capabilities for hung threads and slow modules.
PM58545 mod_perl build cannot find "OPT_INCNOEXEC"
PM62011 mod_log_config: The wrong cookie can be logged

Note: IBM HTTP Server 8.0.0.4 contains all applicable security fixes in Apache HTTP Server versions up through 2.2.22.


Fix Pack 3 (8.0.0.3)
Fix release date: 16 April 2012
Last modified: 16 April 2012
Status: Superseded

Download Fix Pack 3

APAR Description
PM52351 CVE-2012-0717: SSLClientAuth Required_reset is not enforced for SSLv2 connections.
PM55760 CVE-2012-0031: Possible parent process crash when untrusted code is run in child.
PM56128 CVE-2012-0053: Possible httpOnly cookie disclosure on compromised site.
http://xforce.iss.net/xforce/xfdb/72758
PM53340 Incorrect request body handling with Expect: 100-continue.
PM54289 install_ihs script results in errors in the postinstall process. (z/OS only)
PM54387 ABEND EC6 after IHS shutdown when using piped loggers. (z/OS only)

Note: IBM HTTP Server 8.0.0.3 contains all applicable security fixes in Apache HTTP Server versions up through 2.2.22.


Fix Pack 2 (8.0.0.2)
Fix release date: 16 January 2012
Last modified: 16 January 2012
Status: Superseded

Download Fix Pack 2

APAR Description
PM47852 CVE-2011-3348: mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not recognized.
PM48384 CVE-2011-3368, CVE-2011-3639, CVE-2011-4317: Potential pattern expansion problem when mod_proxy and mod_rewrite are used together.
PM50426 CVE-2011-3607: Potential buffer overflow and high memory usage in IBM HTTP Server (ap_pregsub)
PM43037 ProxyPass broken due to ebcdic to ascii translation issue with interim response headers
PM43354 No error message for rotatelogs syntax errors
PM44635 IHS returns 500 instead of 401 for a revoked SAF userid
PM44816 Provide end-to-end timeouts for slow requests
PM45618 IHS threads can hang in ldap_bind() without any timeout
PM47429 IHS mod_ldap fails at runtime with 'SSL support failed initialization'
PM49573 IHS startup failure on Windows: 'master_main: create child process failed.'

Note: IBM HTTP Server 8.0.0.2 contains all applicable security fixes in Apache HTTP Server versions up through 2.2.21.


Fix Pack 1 (8.0.0.1)
Fix release date: 26 September 2011
Last modified: 26 September 2011
Status: Superseded

Download Fix Pack 1

APAR Description
PM38826 CVE-2011-0419: apr_fnmatch() routine can result in high CPU with use of mod_autoindex
http://xforce.iss.net/xforce/xfdb/67414
PM46234 CVE-2011-3192: Potential Denial of Service with malicious range requests
http://xforce.iss.net/xforce/xfdb/69396
PM27886 Provide secure SSL renegotiation
PM37261 Use of RLimitMEM and RLimitCPU with mod_cgid on IHS 7.0 fails with an Out of Memory error on Unix
PM37405 mod_authnz_saf on z/OS does not allow user to control behavior when user password is expired
PM38313 Piped loggers that continuously restart cause pipe and file descriptor leaks

Note: IBM HTTP Server 8.0.0.1 contains all applicable security fixes in Apache HTTP Server versions up through 2.2.20.



Document information


More support for: IBM HTTP Server
Software version: 8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.0.6, 8.0.0.7, 8.0.0.8
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS
Reference #: 7021867
Modified date: 2014-01-13
