IBM Support

PI62375:Potential security vulnerability in WebSphere Application Server Liberty Profile

Download


Abstract

Potential security vulnerability in WebSphere Application Server Liberty Profile when WASPostParam cookie is used.

Download Description

Note that for the traditional WebSphere Application Server, PI62375 is superseded by PI70737.

Please refer to the following link for PI70737:


http://www.ibm.com/support/docview.wss?uid=swg24042908

PI62375 resolves the following problem:

ERROR DESCRIPTION:
Potential security vulnerability in WebSphere Application Server when WASPostParam cookie is used.

LOCAL FIX:
N/A

PROBLEM SUMMARY:
Potential security vulnerability in WebSphere Application Server when WASPostParam cookie is used.

PROBLEM CONCLUSION:
The potential security vulnerability was resolved.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"Liberty Archive V16.0.0.2 Readme","INLang":"US English","INSize":"2324","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI62375/16.0.0.2/readme.txt"},{"INLabel":"Liberty Archive V8.5.5.9 Readme","INLang":"US English","INSize":"2424","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI62375/8.5.5.9/readme.txt"},{"INLabel":"Liberty Archive V8.5.5.8 Readme","INLang":"US English","INSize":"2389","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI62375/8.5.5.8/readme.txt"},{"INLabel":"Liberty Archive V16.0.0.3 Readme","INLang":"US English","INSize":"2159","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI62375/16.0.0.3/readme.txt"},{"INLabel":"Liberty V16.0.0.3 IM Readme","INLang":"US English","INSize":"2342","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI62375/16.0.0.3/readme.txt"},{"INLabel":"Liberty V16.0.0.2 IM Readme","INLang":"US English","INSize":"2276","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI62375/16.0.0.2/readme.txt"}]
On
[{"DNLabel":"16.0.0.3-WS-WLP-IFPI62375","DNDate":"16-9-19","DNLang":"US English","DNSize":"3108126","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Liberty&release=All&platform=All&function=fixId&fixids=16.0.0.3-WS-WLP-IFPI62375&includeSupersedes=0 ","DNURL_FTP":" ","DDURL":null},{"DNLabel":"16.0.0.2-WS-WLP-IFPI62375","DNDate":"16-9-7","DNLang":"US English","DNSize":"3187578","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Liberty&release=All&platform=All&function=fixId&fixids=16.0.0.2-WS-WLP-IFPI62375&includeSupersedes=0 ","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.9-WS-WLP-IFPI62375","DNDate":"7 Sep 2016","DNLang":"US English","DNSize":"2368812","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.9-WS-WLP-IFPI62375&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.8-WS-WLP-IFPI62375","DNDate":"7 Sep 2016","DNLang":"US English","DNSize":"2457285","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.8-WS-WLP-IFPI62375&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"16003-wlp-archive-IFPI62375","DNDate":"16-9-19","DNLang":"US English","DNSize":"3036665","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Liberty&release=All&platform=All&function=fixId&fixids=16003-wlp-archive-IFPI62375&includeSupersedes=0 ","DNURL_FTP":" ","DDURL":null},{"DNLabel":"16002-wlp-archive-IFPI62375","DNDate":"16-9-7","DNLang":"US English","DNSize":"3115920","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Liberty&release=All&platform=All&function=fixId&fixids=16002-wlp-archive-IFPI62375&includeSupersedes=0 ","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8559-wlp-archive-IFPI62375","DNDate":"7 Sep 2016","DNLang":"US English","DNSize":"5053335","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8559-wlp-archive-IFPI62375&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8558-wlp-archive-IFPI62375","DNDate":"7 Sep 2016","DNLang":"US English","DNSize":"5067758","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8558-wlp-archive-IFPI62375&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF013","label":"Inspur K-UX"},{"code":"PF016","label":"Linux"},{"code":"PF022","label":"OS X"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF014","label":"iOS"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5.9;8.5.5.8;16.0.0.3;16.0.0.2","Edition":"Liberty","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24042712