Fix Readme
Abstract
To fix the security vulnerability, CVE-2016-3092, for IBM Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console, IBM Watson Content Analytics, and IBM Content Analytics, you replace the commons-fileupload*.jar file.
Content
As detailed in the following security bulletin, apply the applicable interim fix for the applicable version: http://www.ibm.com/support/docview.wss?uid=swg21990062
To apply the fix:
- Stop the applicable components: Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console, Watson Content Analytics, or IBM Content Analytics.
- Extract the contents of the interim fix into a temporary directory.
- Rename or remove the following commons-fileupload*.jar files to *.jar.bak:
$ES_INSTALL_ROOT/lib/axis2/commons-fileupload-1.2.jar
$ES_INSTALL_ROOT/lib/commons-fileupload-1.3.1.jar
$ES_INSTALL_ROOT/samples/commonui/build/lib/commons-fileupload-1.3.1.jar
$ES_INSTALL_ROOT/samples/search/lib/commons-fileupload-1.3.1.jar
$ES_INSTALL_ROOT/samples/searchportlet/lib/commons-fileupload.jar
$ES_INSTALL_ROOT/samples/searchportlet/lib/portal/commons-fileupload.jar
$ES_INSTALL_ROOT/wlpapps/servers/admin/apps/ESAdmin.ear/ESAdmin.war/WEB-INF/lib/commons-fileupload-1.3.1.jar
$ES_INSTALL_ROOT/wlpapps/servers/admin/apps/ESAdminRestServer.ear/ESAdminRestServer.war/WEB-INF/lib/commons-fileupload-1.3.1.jar
$ES_INSTALL_ROOT/wlpapps/servers/admin/apps/ESAdminRestServer20.ear/ESAdminRestServer20.war/WEB-INF/lib/commons-fileupload-1.3.1.jar
$ES_INSTALL_ROOT/wlpapps/servers/searchapp/apps/ESRestServer.ear/ESRestServer.war/WEB-INF/lib/commons-fileupload-1.3.1.jar
$ES_INSTALL_ROOT/wlpapps/servers/searchapp/apps/analytics.ear/analytics.war/WEB-INF/lib/commons-fileupload-1.3.1.jar
$ES_INSTALL_ROOT/wlpapps/servers/searchapp/apps/commonui.ear/commonui.war/WEB-INF/lib/commons-fileupload-1.3.1.jar
$ES_INSTALL_ROOT/wlpapps/servers/searchapp/apps/search.ear/search.war/WEB-INF/lib/commons-fileupload-1.3.1.jar - Copy commons-fileupload-1.3.2.jar into the following directories.
$ES_INSTALL_ROOT/lib/axis2/
$ES_INSTALL_ROOT/lib/
$ES_INSTALL_ROOT/samples/commonui/build/lib/
$ES_INSTALL_ROOT/samples/search/lib/
$ES_INSTALL_ROOT/samples/searchportlet/lib/
$ES_INSTALL_ROOT/samples/searchportlet/lib/portal/
$ES_INSTALL_ROOT/wlpapps/servers/admin/apps/ESAdmin.ear/ESAdmin.war/WEB-INF/lib/
$ES_INSTALL_ROOT/wlpapps/servers/admin/apps/ESAdminRestServer.ear/ESAdminRestServer.war/WEB-INF/lib/
$ES_INSTALL_ROOT/wlpapps/servers/admin/apps/ESAdminRestServer20.ear/ESAdminRestServer20.war/WEB-INF/lib/
$ES_INSTALL_ROOT/wlpapps/servers/searchapp/apps/ESRestServer.ear/ESRestServer.war/WEB-INF/lib/
$ES_INSTALL_ROOT/wlpapps/servers/searchapp/apps/analytics.ear/analytics.war/WEB-INF/lib/
$ES_INSTALL_ROOT/wlpapps/servers/searchapp/apps/commonui.ear/commonui.war/WEB-INF/lib/
$ES_INSTALL_ROOT/wlpapps/servers/searchapp/apps/search.ear/search.war/WEB-INF/lib/ - Overwrite the old version of es.indexservice.jar with the fixed version in the $ES_INSTALL_ROOT/lib directory.
- If you choose an IBM WebSphere Application Server installation, update installed *.ear applications with fix module versions by using the WebSphere Application Server administrative console.
- Restart Watson Explorer Analytical Components.
[{"Product":{"code":"SS8NLW","label":"IBM Watson Explorer"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"10.0.0;11.0.0;11.0.1","Edition":"Advanced","Line of Business":{"code":"LOB10","label":"Data and AI"}},{"Product":{"code":"SS5RWK","label":"Content Analytics with Enterprise Search"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"3.5;3.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21996334