Download
Abstract
Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)
Download Description
PH03986 resolves the following problem:
ERROR DESCRIPTION:
Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)
PROBLEM SUMMARY:
Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)
PROBLEM CONCLUSION:
The vulnerability is resolved.
This set of fixes for PH03986 are replacements for those originally provided for APAR PI95973. If you have PI95973 installed, in order to ensure that your system is adequately protected, you must install this fix. There is no need to uninstall the fix for PI95973 before installing the fix for PH03986.
With this iFix applied, during server shutdown, you may see an FFDC for a java.lang.reflect.UndeclaredThrowableException error in the application server log. This FFDC is not an artifact of the original security vulnerability and can be ignored at this time.
THE FOLLOWING FIXES ARE PROVIDED:
7.0.0.45-WS-WAS-IFPH03986.pak applies to fix pack 7.0.0.45.
8.0.0.15-WS-WAS-IFPH03986.zip applies to fix pack 8.0.0.15.
8.5.5.12-WS-WAS-IFPH03986.zip applies to fix packs 8.5.5.12 through 8.5.5.14.
9.0.0.4-WS-WAS-IFPH03986.zip applies to fix packs 9.0.0.4 through 9.0.0.9.
The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.15 and 9.0.0.10. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
None
Installation Instructions
Please review the readme.txt for detailed installation instructions.
URL | SIZE(Bytes) |
---|---|
V70 Readme | 5327 |
V80 Readme | 2641 |
V85 Readme | 2619 |
V90 Readme | 2461 |
Download Package
DOWNLOAD | RELEASE DATE | SIZE(Bytes) |
DOWNLOAD Options |
---|---|---|---|
7.0.0.45-WS-WAS-IFPH03986 | 10-13-2018 | 50437 | FC |
8.0.0.15-WS-WAS-IFPH03986 | 10-13-2018 | 346734 | FC |
8.5.5.12-WS-WAS-IFPH03986 | 10-13-2018 | 347676 | FC |
9.0.0.9-WS-WAS-IFPH03986 | 10-13-2018 | 353618 | FC |
Problems Solved
PH03986 PI95973 PI69603
Known Side Effects
With this iFix applied, during server shutdown, you may see an FFDC for a java.lang.reflect.UndeclaredThrowableException error in the application server log. This FFDC is not an artifact of the original security vulnerability and can be ignored at this time.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
13 October 2018
UID
ibm10732515