IBM Support

PM85834; 8.0.0.6: Confidential for Security Integrity ifix.

Download


Abstract

Potential security exposure in WebSphere Application Server

Download Description

PM85834 resolves the following problem:

ERROR DESCRIPTION:
Potential security exposure in WebSphere Application Server

LOCAL FIX:
n.a

PROBLEM SUMMARY:
WebSphere Application Server using OAuth could allow a remote attacker to obtain someone else's credentials. A remote attacker could exploit this vulnerability to steal the victims cookie-based authentication credentials.

PROBLEM CONCLUSION:
The code has been updated to resolve this issue. For more details please refer to the security bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21635998

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"5010","INURL":"ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PM85834/7.0.0.27/readme.txt"}]
On
[{"DNLabel":"8.0.0.5-WS-WAS-IFPM85834","DNDate":"13 Jun 2013","DNLang":"US English","DNSize":"275089","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.5-WS-WAS-IFPM85834&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.6-WS-WAS-IFPM85834","DNDate":"13 Jun 2013","DNLang":"US English","DNSize":"275182","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.6-WS-WAS-IFPM85834&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.0.2-WS-WAS-IFPM85834","DNDate":"13 Jun 2013","DNLang":"US English","DNSize":"280528","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.2-WS-WAS-IFPM85834&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.25-WS-WAS-IFPM85834","DNDate":"13 Jun 2013","DNLang":"US English","DNSize":"35564","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.25-WS-WAS-MultiOS-IFPM85834&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":"ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PM85834/7.0.0.27/7.0.0.27-WS-WAS-MultiOS-IFPM85834.pak","DDURL":null},{"DNLabel":"7.0.0.27-WS-WAS-IFPM85834","DNDate":"13 Jun 2013","DNLang":"US English","DNSize":"35807","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.27-WS-WAS-MultiOS-IFPM85834&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":"ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PM85834/7.0.0.27/7.0.0.27-WS-WAS-MultiOS-IFPM85834.pak","DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5.0.2;8.0.0.6;8.0.0.5;7.0.0.27;7.0.0.25","Edition":"Base;Express;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24035163