Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001)

​IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting attacks due to a use of malicious backend and a denial of service attack due to an out-of-bounds read or write as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to the Apache HTTP Server implementation as described in the Remediation/Fixes section. Read More