IBM Support

PI37230; 8.0.0, 8.5.5: Security Vulnerability in Administrative Console

Download


Abstract

Security Vulnerability in Administrative Console (CVE-2015-1936)

Download Description

PI37230 resolves the following problem:

ERROR DESCRIPTION:
IBM WebSphere Application Server Administrative console could allow a remote authenticated attacker to hijack a user's session when Security is not enabled. An attacker could exploit this vulnerability using the JSESSIONID parameter to gain access to another user's session.

LOCAL FIX:

PROBLEM SUMMARY:
IBM WebSphere Application Server Administrative console could allow a remote authenticated attacker to hijack a user's session when Security is not enabled. An attacker could exploit this vulnerability using the JSESSIONID parameter to gain access to another user's session.

PROBLEM CONCLUSION:
Apply Interim Fix.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme V8.0.0 (US English, size 2138): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI37230/8.0.0.10/readme.txt
Readme V8.5.5 (US English, size 2138): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI37230/8.5.5.5/readme.txt

Download package

8.0.0.10-WS-WAS-IFPI37230 (15 Jul 2015, US English, size 259974, platform IBM i): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.10-WS-WAS-IFPI37230&productid=WebSphere Application Server&brandid=5
8.5.5.5-WS-WAS-IFPI37230 (15 Jul 2015, US English, size 260565, platform IBM i): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.5-WS-WAS-IFPI37230&productid=WebSphere Application Server&brandid=5
8.0.0.9-WS-WAS-IFPI37230 (15 Jul 2015, US English, size 274689, platform IBM i): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.9-WS-WAS-IFPI37230&productid=WebSphere Application Server&brandid=5
8.5.5.2-WS-WAS-IFPI37230 (15 Jul 2015, US English, size 310014, platform IBM i): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.2-WS-WAS-IFPI37230&productid=WebSphere Application Server&brandid=5
8.0.0.11-WS-WAS-IFPI37230 (2 Sep 2015, US English, size 260141, platform IBM i): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.11-WS-WAS-IFPI37230&productid=WebSphere Application Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Business Unit: Hybrid Cloud
Component: General
Platform: IBM i, Linux, Solaris, Windows, z/OS
Version: 8.5.5.5; 8.5.5.4; 8.5.5.3; 8.5.5.2; 8.0.0.9; 8.0.0.11; 8.0.0.10
Edition: Base; Liberty; Network Deployment

Document Information

Modified date:
15 June 2018

UID

swg24040347