IBM Support

PI38302;6.1.0: Security Vulnerability in IBM WebSphere Application Server

Download


Abstract

PI38302 Security Vulnerability in IBM WebSphere Application Server (CVE-2015-1920)

Download Description

PI38302 resolves the following problem:

ERROR DESCRIPTION:
WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.

Local fix:
None

PROBLEM SUMMARY:
WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.

PROBLEM CONCLUSION:
WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.


6.1.0.47-WS-WAS-IFPI38302 applies to fixpack 6.1.0.47
7.0.0.21-WS-WAS-IFPI38302 applies to fixpacks 7.0.0.21 through 7.0.0.37
8.0.0.3-WS-WASProd-IFPI38302 applies to fixpacks 8.0.0.3 through 8.0.0.10
8.0.0.3-WS-WASEmbeded-IFPI38302 applies to fixpacks 8.0.0.3 through 8.0.0.10
8.5.0.0-WS-WASProd-IFPI38302 applies to fixpacks 8.5.0.0 through 8.5.0.2
8.5.5.0-WS-WASProd-IFPI38302 applies to fixpacks 8.5.5.0 through 8.5.5.5

Prerequisites

Please download the UpdateInstaller below to install this fix.

UpdateInstaller (US English, size 7250000, AIX): http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme v6.1 (US English, size 6438): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI38302/6.1.0.47/readme.txt
Readme v7.0 (US English, size 4928): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI38302/7.0.0.37/readme.txt
Readme v8.0 (US English, size 2289): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI38302/8.0.0.10/readme.txt
Readme v8.5.0 (US English, size 2224): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI38302/8.5.0.0/readme.txt
Readme v8.5.5 (US English, size 2224): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI38302/8.5.5.5/readme.txt

6.1.0.47-WS-WAS-IFPI38302 (04-23-2015, US English, size 36589, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.47-WS-WAS-IFPI38302&productid=WebSphere Application Server&brandid=5
7.0.0.21-WS-WAS-IFPI38302 (28 Apr 2015, US English, size 49069, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.21-WS-WAS-IFPI38302&productid=WebSphere Application Server&brandid=5
8.0.0.3-WS-WASProd-IFPI38302 (28 Apr 2015, US English, size 302900, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.3-WS-WASProd-IFPI38302&productid=WebSphere Application Server&brandid=5
8.5.0.0-WS-WASProd-IFPI38302 (28 Apr 2015, US English, size 297929, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.0.0-WS-WASProd-IFPI38302&productid=WebSphere Application Server&brandid=5
8.5.5.0-WS-WASProd-IFPI38302 (28 Apr 2015, US English, size 302144, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.0-WS-WASProd-IFPI38302&productid=WebSphere Application Server&brandid=5
8.0.0.3-WS-WASEmbeded-IFPI38302 (22 May 2015, US English, size 302958, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.3-WS-WASEmbeded-IFPI38302&productid=WebSphere Application Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server (SSEQTP)
Business Unit: Cloud & Data Platform
Component: General
Platform: AIX, HP-UX, Linux, Solaris, Windows, IBM i
Version: 8.5.5.5;8.5.5.4;8.5.5.3;8.5.5.2;8.5.5.1;8.5.5;8.5.0.2;8.5.0.1;8.5;8.0.0.9;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.10;7.0.0.37;7.0.0.35;7.0.0.33;7.0.0.31;7.0.0.29;7.0.0.27;7.0.0.25;7.0.0.23;7.0.0.21;6.1.0.47
Edition: Base; Network Deployment; Single Server
Line of Business: Automation

Document Information

Modified date:
15 June 2018

UID

swg24039898