IBM Support

PI30579 : Security Vulnerability with JavaServer Faces 2.0 portlet application

Download


Abstract

Security Vulnerability with JavaServer Faces 2.0 portlet application

Download Description

PI30579 resolves the following problem:

ERROR DESCRIPTION:
WebSphere Application Server could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to resources located within the JavaServer Faces (JSF) 2.0 portlet application. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information

LOCAL FIX:

PROBLEM SUMMARY:
The JSF 2.0 portlet bridge needs to be updated to restrict access to resources within JSF 2.0 portlet application

PROBLEM CONCLUSION:
The JSF 2.0 Portlet bridge was updated to restrict access to resources within JSF 2.0 portlet application

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"2664","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI30579/8.0.0.8/readme.txt"},{"INLabel":"Readme_8.5.5.2","INLang":"US English","INSize":"2666","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI30579/8.5.5.2/readme.txt"},{"INLabel":"Readme_8.5.5.4","INLang":"US English","INSize":"2735","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI30579/8.5.5.4/readme.txt"},{"INLabel":"Readme_8.5.5.3","INLang":"US English","INSize":"2572","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI30579/8.5.5.3/readme.txt"}]
On
[{"DNLabel":"8.0.0.8-WS-WAS-IFPI30579","DNDate":"02-20-2015","DNLang":"US English","DNSize":"268124","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.8-WS-WAS-IFPI30579&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.2-WS-WAS-IFPI30579","DNDate":"2 Mar 2015","DNLang":"US English","DNSize":"268733","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.2-WS-WAS-IFPI30579&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.4-WS-WAS-IFPI30579","DNDate":"16 Apr 2015","DNLang":"US English","DNSize":"268935","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.4-WS-WAS-IFPI30579&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.3-WS-WAS-IFPI30579","DNDate":"11 Dec 2015","DNLang":"US English","DNSize":"269139","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.3-WS-WAS-IFPI30579&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.5.5.4;8.5.5.3;8.5.5.2;8.0.0.8","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB15","label":"Integration"}}]

Document Information

Modified date:
15 June 2018

UID

swg24039435