IBM Support

PI39768; Security Vulnerability in Apache Batik used by WebSphere Application Server

Download


Abstract

Security vulnerability interim fix for CVE-2015-0250

Download Description

PI39768 resolves the following problem:

ERROR DESCRIPTION:
Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information.

LOCAL FIX:

PROBLEM SUMMARY:
Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information.

PROBLEM CONCLUSION:
Install the interim fix or a fix pack containing this APAR

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"v8.5.5 Readme","INLang":"US English","INSize":"2090","INURL":"ftp:\/\/public.dhe.ibm.com\/software\/websphere\/appserv\/support\/fixes\/PI39768\/8.5.5.2\/readme.txt"},{"INLabel":"v8.0 Readme ","INLang":"US English","INSize":"2090","INURL":"ftp:\/\/public.dhe.ibm.com\/software\/websphere\/appserv\/support\/fixes\/PI39768\/8.0.0.10\/readme.txt"}]
On
[{"DNLabel":"8.5.5.2-WS-WASND-IFPI39768","DNDate":"07-29-2015","DNLang":"US English","DNSize":"3218280","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=8.5.5.2-WS-WASND-IFPI39768&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.10-WS-WASND-IFPI39768","DNDate":"08-06-2015","DNLang":"US English","DNSize":"3217647","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=8.0.0.10-WS-WASND-IFPI39768&productid=WebSphere%20Application%20Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.9-WS-WASND-IFPI39768","DNDate":"06-11-2015","DNLang":"English","DNSize":"4094955","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=8.0.0.9-WS-WASND-IFPI39768&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.5-WS-WASND-IFPI39768","DNDate":"06-11-2015","DNLang":"English","DNSize":"4095729","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=8.5.5.5-WS-WASND-IFPI39768&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF013","label":"Inspur K-UX"},{"code":"PF016","label":"Linux"},{"code":"PF014","label":"iOS"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5.2;8.0.0.10","Edition":"Network Deployment"}]

Document Information

Modified date:
15 June 2018

UID

swg24040442