IBM Support

PH03986: Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)

Download


Abstract

Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)

Download Description

PH03986 resolves the following problem:

ERROR DESCRIPTION:
Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)

PROBLEM SUMMARY:
Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)

PROBLEM CONCLUSION:
The vulnerability is resolved.

This set of fixes for PH03986 replaces those originally provided for APAR PI95973. If you have PI95973 installed, you must install this fix to ensure that your system is adequately protected. There is no need to uninstall the fix for PI95973 before installing the fix for PH03986.

With this iFix applied, during server shutdown, you may see an FFDC for a java.lang.reflect.UndeclaredThrowableException error in the application server log. This FFDC is not an artifact of the original security vulnerability and can be ignored at this time.

THE FOLLOWING FIXES ARE PROVIDED:
7.0.0.45-WS-WAS-IFPH03986.pak applies to fix pack 7.0.0.45.
8.0.0.15-WS-WAS-IFPH03986.zip applies to fix pack 8.0.0.15.
8.5.5.12-WS-WAS-IFPH03986.zip applies to fix packs 8.5.5.12 through 8.5.5.14.
9.0.0.4-WS-WAS-IFPH03986.zip applies to fix packs 9.0.0.4 through 9.0.0.9.

The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.15 and 9.0.0.10. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

 

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V70 Readme 5327
V80 Readme 2641
V85 Readme 2619
V90 Readme 2461

 

Download Package

DOWNLOAD RELEASE DATE SIZE(Bytes) DOWNLOAD Options
7.0.0.45-WS-WAS-IFPH03986 10-13-2018 50437 FC
8.0.0.15-WS-WAS-IFPH03986 10-13-2018 346734 FC
8.5.5.12-WS-WAS-IFPH03986 10-13-2018 347676 FC
9.0.0.9-WS-WAS-IFPH03986 10-13-2018 353618 FC

FC: Fix Central

 

Problems Solved

PH03986 PI95973 PI69603

 

Known Side Effects

With this iFix applied, during server shutdown, you may see an FFDC for a java.lang.reflect.UndeclaredThrowableException error in the application server log.  This FFDC is not an artifact of the original security vulnerability and can be ignored at this time.


Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).


Document Information

Modified date:
13 October 2018

UID

ibm10732515