Abstract
IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313 CVSS 5.3)
Download Description
THIS FIX SUPERSEDES MULTIPLE PREVIOUS FIXES
The fixes on this page supersede multiple previous fixes. The links to the previous fixes for the APARS below are removed from their corresponding download pages.
The fix below resolves (includes) the following APARs:
- PH58869: Weaker than expected security (CVE-2023-50313 CVSS 5.3)
- PH59682: XML External Entity (XXE) injection vulnerability (CVE-2024-22354 CVSS 7.0)
- PH59304: IllegalArgumentException when enabling SP800-131/FIPS140-2 with TLSv1.3
- PH61068: A NoSuchMethodException is thrown if iFix PH59304 PH58869 are installed together
- PH61385: IFPH59682 may overlay changes from IFPH59304, IFPH58869 or IFPH61068 in thin clients
Prerequisites
None
Download Package
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement beginning in 2021. Use properly registered IDs to download the fixes in this table.
A signature file is provided along with the interim fix. See Verifying WebSphere Application Server release packages and Verifying Liberty release packages.
DOWNLOAD | RELEASE DATE | SIZE(Bytes) | Applies to | URL |
---|---|---|---|---|
8.5.5.24-WS-WAS-IFPH61385 | 21 May 2024 | 5988366 | 8.5.5.24, 8.5.5.25 | FC |
9.0.5.18-WS-WAS-IFPH61385 | 21 May 2024 | 6432886 | 9.0.5.18, 9.0.5.19 | FC |
Note: FC stands for Fix Central. Review the What is Fix Central (FC)? FAQs for more details.
Problems Solved
PH58869 PH59304 PH61068 PH61385
Known Side Effects
If components of the server are configured to use an SSL Alias that does not exist, some operations may fail with the following exception after PH58869:
com.ibm.websphere.ssl.SSLException: The specified sslAlias =localhost/DefaultSSLSettings does not exist..
To work around the issue until the configuration can be purged of invalid SSL aliases, set the following security custom property:
com.ibm.websphere.ssl.fallback.for.nonexistent.alias=true
Change History
- May 21: Replaced download links with IFPH61385, superseding previous IFPH61068 fix.
- May 13: Replaced download links with IFPH61068. IFPH61068 resolves/supersedes both PH58869 and PH59304.
- April 17: Replaced fixes. Versions of this fix downloaded prior to April 17 (fix ids containing 20240329) may prevent two specialty server types from starting in WebSphere Application Server for Network Deployment and WebSphere Application Server for z/OS, with an exception message containing the following text:
Caused by: com.ibm.websphere.ssl.SSLException: The specified sslAlias =com.ibm.ssl.alias does not exist
- WebSphere Proxy Servers
- (java) On Demand Routers
On
Technical Support
Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Document Information
Modified date:
21 May 2024
UID
ibm17145588