Download
Abstract
Possible security exposure in SAML Web SSO (CVE-2018-1793)
Download Description
PH01752 resolves the following problem:
ERROR DESCRIPTION:
Possible security exposure in SAML Web SSO (CVE-2018-1793).
PROBLEM SUMMARY:
Possible security exposure in SAML Web SSO (CVE-2018-1793).
LOCAL FIX:
For each application server profile, if the SAML Web SSO TAI is not configured, but the WebSphereSamlSP.ear is installed, uninstall WebSphereSamlSP.ear.
PROBLEM CONCLUSION:
The SAML ACS application, WebSphereSamlSP.ear, is updated to eliminate the reported security exposure.
When an interim fix for this APAR is installed, the fix will not be active on a profile until the installed SAML Web SSO application, WebSphereSamlSP.ear, is updated from the (WAS_HOME)/installableApps directory.
THE FOLLOWING FIXES ARE PROVIDED:
7.0.0.23-WS-WAS-IFPH01752.pak applies to fix packs 7.0.0.23 through 7.0.0.45.
8.0.0.4-WS-WAS-IFPH01752.zip applies to fix packs 8.0.0.4 through 8.0.0.15.
8.5.5.0-WS-WASProd-IFPH01752.zip applies to fix packs 8.5.5.0 through 8.5.5.14.
9.0.0.0-WS-WASProd-IFPH01752.zip applies to fix packs 9.0.0.0 through 9.0.0.9.
The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.15 and 9.0.0.10. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
None
Installation Instructions
Please review the readme.txt for detailed installation instructions.
URL | SIZE(Bytes) |
---|---|
V70 Readme | 5672 |
V80 Readme | 2617 |
V85 Readme | 2887 |
V90 Readme | 2708 |
Download Package
DOWNLOAD | RELEASE DATE | SIZE(Bytes) | DOWNLOAD Options |
---|---|---|---|
7.0.0.23-WS-WAS-IFPH01752 | 09-05-2018 | 10729 | FC |
8.0.0.4-WS-WAS-IFPH01752 | 09-05-2018 | 230070 | FC |
8.5.5.0-WS-WASProd-IFPH01752 | 09-05-2018 | 238828 | FC |
9.0.0.0-WS-WASProd-IFPH01752 | 09-05-2018 | 231727 | FC |
Problems Solved
PH01752
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Document Information
Modified date:
05 October 2018
UID
ibm10730545