IBM Support

PI87300: Information disclosure in WebSphere Application Server in JSF (CVE-2017-1583)

Download


Abstract

Information Disclosure in WebSphere Application Server in JSF (CVE-2017-1583)

Download Description

PI87300 resolves the following problem:

ERROR DESCRIPTION:
Information Disclosure in WebSphere Application Server in JSF (CVE-2017-1583).

LOCAL FIX:

PROBLEM SUMMARY:
Information Disclosure in WebSphere Application Server in JSF (CVE-2017-1583).

PROBLEM CONCLUSION:
The JSF MyFaces 2.0 code was updated to fix this vulnerability.

The fix for this APAR is currently targeted for inclusion in fix pack
8.0.0.15, and 8.5.5.13 for WebSphere Application Server traditional
and 17.0.0.3 for WebSphere Application Server Liberty.
Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"V85 Readme","INLang":"US English","INSize":"2943","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI87300/8.5.5.12/readme.txt"},{"INLabel":"V80 Readme","INLang":"US English","INSize":"2877","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI87300/8.0.0.13/readme.txt"},{"INLabel":"17.0.0.x Readme (non-archive)","INLang":"US English","INSize":"2809","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI87300/17.0.0.2/readme.txt"},{"INLabel":"17.0.0.1 Readme (archive)","INLang":"US English","INSize":"2957","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI87300/17.0.0.2/readme.txt"}]
On
[{"DNLabel":"8.5.5.4 - 8.5.5.12 WAS traditional","DNDate":"23 Oct 2017","DNLang":"US English","DNSize":"283276","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.5.5.4-WS-WAS-IFPI87300&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.10 - 8.0.0.13 WAS traditional","DNDate":"23 Oct 2017","DNLang":"US English","DNSize":"275335","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.0.0.10-WS-WAS-IFPI87300&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.14 WAS traditional","DNDate":"30 Oct 2017","DNLang":"US English","DNSize":"266675","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.0.0.14-WS-WAS-IFPI87300&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.6 WAS Liberty archive","DNDate":"23 Oct 2017","DNLang":"US English","DNSize":"4861055","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8556-wlp-archive-IFPI87300&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"17.0.0.2 WAS Liberty archive","DNDate":"23 Oct 2017","DNLang":"US English","DNSize":"4129456","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Liberty&release=All&platform=All&function=fixId&fixids=17002-wlp-archive-IFPI87300&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"17.0.0.1 WAS Liberty","DNDate":"23 Oct 2017","DNLang":"US English","DNSize":"4080886","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Liberty&release=All&platform=All&function=fixId&fixids=17.0.0.1-WS-WLP-IFPI87300&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"17.0.0.2 WAS Liberty","DNDate":"23 Oct 2017","DNLang":"US English","DNSize":"4198491","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Liberty&release=All&platform=All&function=fixId&fixids=17.0.0.2-WS-WLP-IFPI87300&includeSupersedes=0","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5.9;8.5.5.8;8.5.5.7;8.5.5.6;8.5.5.5;8.5.5.4;8.5.5.12;8.5.5.11;8.5.5.10;8.0.0.13;8.0.0.12;8.0.0.11;8.0.0.10;17.0.0.2;17.0.0.1;8.0.0.14","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24044155