A fix is available
APAR status
Closed as program error.
Error description
Unfortunately, Apache does not provide an updated jar file to remedy this issue. Instead, code change is published. So we propose the make changes to the source code, and compile it, and distribute a new jar, which could be named axis-patched- 1.4.jar. Apache Axis source code can be found here on top of Apache website. The class to be modified is: org.apache.axis.components.net. JSSESocketFactory
Local fix
Update the axis jar with the patched one
Problem summary
To avoid CVE-2012-5784 AND CVE-2014-3596 axis-1.4.jar SECURITY VULNERABILITY we built a new jar axis-patched-1.4.jar and publish an ifix which includes this new jar.
Problem conclusion
The code is fixed
Temporary fix
Comments
APAR Information
APAR number
RS02827
Reported component name
WDS FOR RULES
Reported component ID
5725B6903
Reported release
851
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-07-18
Closed date
2017-07-18
Last modified date
2017-07-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
999
Fix information
Fixed component name
WDS FOR RULES
Fixed component ID
5725B6903
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSQP76","label":"IBM Operational Decision Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5.1","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
17 February 2022