IBM Support

PM71296; 8.0.0.4: An authenticated user may gain access to unauthorized resource

Download


Abstract

If you have installed an interim fix for PM44303 or a fix pack containing PM44303, there is the potential for an authenticated user to gain access to unauthorized resources.

Download Description

PM71296 resolves the following problem:

ERROR DESCRIPTION:
If you have installed an interim fix for PM44303 or a fix pack containing PM44303, there is the potential for an authenticated user to gain access to unauthorized resources.

LOCAL FIX:
None

PROBLEM SUMMARY

USERS AFFECTED:
All users of IBM WebSphere Application Server V6.1, V7.0, V8.0, and V8.5

PROBLEM DESCRIPTION:
If you have installed an interim fix for PM44303 or a fix pack containing PM44303, there is the potential for an authenticated user to gain access to unauthorized resources.

RECOMMENDATION:
None

PROBLEM CONCLUSION:
Code has been changed to resolve this security issue.

APAR PM71296 is currently targeted for inclusion in WebSphere Application Server Fix Packs 6.1.0.45, 7.0.0.25, 8.0.0.5, and 8.5.0.1.

Please refer to URL:
http://www.ibm.com/support/docview.wss?uid=swg27006970
for Fix Pack availability.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme (US English, size 3920):
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/readme.txt
Download packages (each entry: label, date, language, size, platform, then download URLs):

6.1.0.43-WS-WAS-IFPM71296, 28 Aug 2012, US English, 41478, AIX
http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.43-WS-WAS-IFPM71296&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/6.1.0.43-WS-WAS-IFPM71296.pak

7.0.0.21-WS-WAS-MultiOS-IFPM71296, 28 Aug 2012, US English, 59667, AIX
http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.21-WS-WAS-MultiOS-IFPM71296&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/7.0.0.21-WS-WAS-MultiOS-IFPM71296.pak

7.0.0.23-WS-WAS-IFPM71296, 28 Aug 2012, US English, 60083, AIX
http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.23-WS-WAS-IFPM71296&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/7.0.0.23-WS-WAS-IFPM71296.pak

8.0.0.2-WS-WAS-IFPM71296, 28 Aug 2012, US English, 296989, AIX
http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.2-WS-WAS-IFPM71296&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/8.0.0.2-WS-WAS-IFPM71296.zip

8.0.0.3-WS-WAS-IFPM71296, 28 Aug 2012, US English, 296991, AIX
http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.3-WS-WAS-IFPM71296&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/8.0.0.3-WS-WAS-IFPM71296.zip

8.0.0.4-WS-WAS-IFPM71296, 28 Aug 2012, US English, 296980, AIX
http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.4-WS-WAS-IFPM71296&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/8.0.0.4-WS-WAS-IFPM71296.zip

8.5.0.0-WS-WAS-IFPM71296, 28 Aug 2012, US English, 300831, AIX
http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.0-WS-WAS-IFPM71296&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/8.5.0.0-WS-WAS-IFPM71296.zip

++APAR AM71462 for 6.1.0.43, 28 Aug 2012, English, 451917, z/OS
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/AM71462.terse

++APAR BM71296 for 7.0.0.23, 28 Aug 2012, English, 54352, z/OS
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/BM71296.terse

++APAR CM71296 for 7.0.0.21, 28 Aug 2012, English, 54028, z/OS
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/CM71296.terse

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Business Unit: Hybrid Cloud
Component: Security
Platform: AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Version: 8.5; 8.0.0.4; 8.0.0.3; 8.0.0.2; 7.0.0.23; 7.0.0.21; 6.1.0.43
Edition: Base; Express; Network Deployment

Document Information

Modified date:
15 June 2018

UID

swg24033359