IBM Support

PI23055;7.0.0.: Potential XSS and CSRF (CVE-2014-4770 and CVE-2014-4816)

Download


Abstract

There is a potential cross-site scripting (XSS) and a potential cross-site request forgery (CSRF) security vulnerability in WebSphere Application Server.

Download Description

PI23055 resolves the following problem:

ERROR DESCRIPTION:
Potential security exposure in WebSphere Application Server

LOCAL FIX:

PROBLEM SUMMARY:
IBM WebSphere Application Server may be vulnerable to cross-site scripting or cross-site request forgery in the Admin Console.

PROBLEM CONCLUSION:
The code has been updated to resolve this issue.

Prerequisites

Please download the UpdateInstaller below to install this fix.

UpdateInstaller (US English, AIX, 7,250,000 bytes): http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme (US English, 5,109 bytes): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI23055/7.0.0.33/readme.txt

Download package (Fix Central):

7.0.0.27-WS-WAS-IFPI23055 (09-16-2014, US English, AIX, 100,585 bytes): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.27-WS-WAS-IFPI23055&productid=WebSphere%20Application%20Server&brandid=5

7.0.0.27-WS-WASEmbeded-IFPI23055 (09-16-2014, US English, AIX, 67,998 bytes): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.27-WS-WASEmbeded-IFPI23055&productid=WebSphere%20Application%20Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server (SSEQTP)
Business Unit: Hybrid Cloud (BU004)
Component: Administrative Console (all non-scripting)
Platform: AIX, HP-UX, IBM i, Inspur K-UX, Linux, iOS, Solaris, Windows, z/OS
Version: 7.0.0.27, 7.0.0.29, 7.0.0.31, 7.0.0.33
Edition: Advanced, Base, Developer, Network Deployment, Single Server

Problems (APARS) fixed
PI13887; PI17532; PI23055; PM73048; PM76830; PM79992; PM83937

Document Information

Modified date:
15 June 2018

UID

swg24038407