Direct links to fixes
APAR status
Closed as program error.
Error description
Customers using persistent sessions and personalization IDs in WebSphere Commerce Version 7 are susceptible to a potential denial of service attack.
Local fix
Problem summary
USERS AFFECTED: WebSphere Commerce v7.0 users who have personalization enabled PROBLEM ABSTRACT: WebSphere Commerce contains a security vulnerability related to its use of persistent sessions and personalization IDs. BUSINESS IMPACT: Could impact site performance RECOMMENDATION:
Problem conclusion
Handling of personalization IDs was changed to resolve the issue ------------------------------------------------------------- The latest available maintenance information can be obtained from the Recommended Fixes for WebSphere Commerce technote: http://www.ibm.com/support/docview.wss?rs=3046&uid=swg21261296
Temporary fix
Comments
APAR Information
APAR number
JR42771
Reported component name
WC BUS EDITION
Reported component ID
5724I3800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-05-10
Closed date
2012-10-12
Last modified date
2012-10-12
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WC BUS EDITION
Fixed component ID
5724I3800
Applicable component levels
R700 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSYL","label":"WebSphere Commerce Enterprise"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
12 October 2012