IBM Support

PI36866;8.5.5: Obtain sensitive information with Apache WSS4J CVE-2015-0226


Abstract

Obtain sensitive information with Apache WSS4J CVE-2015-0226

Download Description

PI36866 resolves the following problem:

ERROR DESCRIPTION:
Obtain sensitive information with web services Apache WSS4J CVE-2015-0226

LOCAL FIX:

PROBLEM SUMMARY:
Obtain sensitive information with web services Apache WSS4J CVE-2015-0226.

PROBLEM CONCLUSION:
Apache WSS4J could allow a remote attacker to obtain sensitive information because it is vulnerable to Bleichenbacher's attack on XML Encryption. By sending a specially crafted message, an attacker could exploit this vulnerability to decrypt the key and obtain sensitive information.

The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.6.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme (US English, size 2560): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI36866/8.5.5.4/readme.txt

Download: 8.5.5.4-WS-WLPWithExtensions-IFPI36866
Date: 06-12-2015
Language: US English
Size: 1251306
Platform: AIX
URL: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.4-WS-WLPWithExtensions-IFPI36866&productid=WebSphere%20Application%20Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Business Unit: Hybrid Cloud
Component: General
Platform: AIX, HP-UX, IBM i, Inspur K-UX, Linux, Solaris, Windows, z/OS
Version: 8.5.5.5; 8.5.5.4
Edition: Base; Liberty; Network Deployment; Single Server

Document Information

Modified date:
15 June 2018

UID

swg24040191