IBM Support

PH09869: Multiple vulnerabilities in IBM HTTP Server (CVE-2019-0211, CVE-2019-0220)

Download


Abstract

Multiple vulnerabilities in IBM HTTP Server (CVE-2019-0211, CVE-2019-0220)

Download Description

PH09869 resolves the following problem:

ERROR DESCRIPTION:
CVE-2019-0211: Apache HTTP Server could allow a local authenticated attacker to gain elevated privileges on the system.
CVE-2019-0220: Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies.

PROBLEM SUMMARY:
CVE-2019-0211 applies to IHS 9.0.0.0 and later on all platforms, excluding Windows.
CVE-2019-0220 applies to all releases and maintenance levels of IHS on all platforms.

PROBLEM CONCLUSION:
The fix for this APAR is targeted for IHS 9.0.5.0 and 8.5.5.16.

Prerequisites

Please download the UpdateInstaller below to install this fix.

URL SIZE(Bytes)
UpdateInstaller 7250000

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V70 Readme 5184
V80 Readme 2176
V85 Readme 2182
V90 Readme 2271
V90 archive Readme 1633

Download Package

DOWNLOAD RELEASE DATE SIZE(Bytes)

DOWNLOAD Options

What is Fix Central(FC)?

7.0.0.45-WS-WASIHS-AixPPC32-IFPH09869 04-17-2019 4115260 FC
7.0.0.45-WS-WASIHS-HpuxIA64-IFPH09869 04-17-2019 9720075 FC
7.0.0.45-WS-WASIHS-HpuxPaRISC-IFPH09869 04-17-2019 3936659 FC
7.0.0.45-WS-WASIHS-LinuxX32-IFPH09869 04-17-2019 2866314 FC
7.0.0.45-WS-WASIHS-LinuxPPC32-IFPH09869 04-17-2019 3179137 FC
7.0.0.45-WS-WASIHS-LinuxS390-IFPH09869 04-17-2019 3175856 FC
7.0.0.45-WS-WASIHS-SolarisSparc-IFPH09869 04-17-2019 4465724 FC
7.0.0.45-WS-WASIHS-SolarisX64-IFPH09869 04-17-2019 3076624 FC
7.0.0.45-WS-WASIHS-WinX32-IFPH09869 04-17-2019 5503954 FC
8.0.0.15-WS-WASIHS-IFPH09869 04-17-2019 80966056 FC
8.5.5.14-WS-WASIHS-IFPH09869 04-17-2019 9719396 FC
8.5.5.15-WS-WASIHS-IFPH09869 04-17-2019 9603647 FC
9.0.0.9-WS-WASIHS-IFPH09869 04-17-2019 9550229 FC
9.0.0.10-WS-WASIHS-IFPH09869 04-17-2019 9550399 FC
9.0.0.11-WS-WASIHS-IFPH09869 04-17-2019 9550392 FC
9.0.0.11-WS-WASIHS_Archive-AixPPC64-IFPH09869 04-17-2019 25555315 FC
9.0.0.11-WS-WASIHS_Archive-LinuxPPC64LE-IFPH09869 04-17-2019 25527572 FC
9.0.0.11-WS-WASIHS_Archive-LinuxS39064-IFPH09869 04-17-2019 26556737 FC
9.0.0.11-WS-WASIHS_Archive-LinuxX64-IFPH09869 04-17-2019 24742168 FC
9.0.0.11-WS-WASIHS_Archive-WinX32-IFPH09869 04-17-2019 25782107 FC
9.0.0.11-WS-WASIHS_Archive-WinX64-IFPH09869 04-17-2019 26703373 FC

Problems Solved

PH09869 PH10750

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).

Problems (APARS) fixed
PH09869

Document information

More support for: WebSphere Application Server

Component: IBM HTTP Server

Software version: 7.0.0.45, 8.0.0.15, 8.5.5.14, 8.5.5.15, 9.0.0.9, 9.0.0.10, 9.0.0.11

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS

Software edition: Advanced,Base,Enterprise,Network Deployment,Single Server

Reference #: 0881798

Modified date: 23 April 2019