IBM Support

PI12926: CVE-2014-0050 for WebSphere Web Container

Download


Abstract

Potential Denial of Service (DoS) vulnerability with crafted headers

Download Description

PROBLEM DESCRIPTION:
Security vulnerability in the Web Container component of the WebSphere Application Server that can result in a Denial of Service.

USERS AFFECTED:
All users of IBM WebSphere Application Server versions 8.0, 8.5, and 8.5.5.

RECOMMENDATION:
Apply this fix.

PROBLEM CONCLUSION:
WebContainer has been updated to mitigate the vulnerability.

This fix is targeted for IBM HTTP Server fix packs:


- 8.0.0.9
- 8.5.5.2

Installation Instructions

Installation Manager (IM) based interim fixes can be installed using Installation Manager (IM) with the Web-based ("live") repository provided by IBM. It may be necessary to de-select the "Show recommended only" option within IM and to expand "Only fixes for version 8.x.y.z" to see the fix listed.

The interim fix is also available from Fix Central at the link listed in the Download Package section below.

Additional installation instructions are located in the readme file for the fix.

On
[{"DNLabel":"8.0.0.0 - 8.0.0.8 Full Profile IM","DNDate":"31 Mar 2014","DNLang":"US English","DNSize":"275368","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.0.0.0-WS-WAS-IFPI12926","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.0.0 - 8.5.0.2 Full Profile IM","DNDate":"31 Mar 2014","DNLang":"US English","DNSize":"274437","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.5.0.0-WS-WAS-IFPI12926","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.0 - 8.5.5.1 Full Profile IM","DNDate":"31 Mar 2014","DNLang":"US English","DNSize":"273378","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.5.5.0-WS-WAS-IFPI12926","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.0.2 Liberty Profile IM (Distributed)","DNDate":"31 Mar 2014","DNLang":"US English","DNSize":"258550","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.5.0.2-WS-WASProd_WLP-DistOnly-IFPI12926","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.0.2 Liberty Profile IM (z/OS)","DNDate":"31 Mar 2014","DNLang":"US English","DNSize":"258185","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.5.0.2-WS-WASProd_WLP-OS390-IFPI12926","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.0 Liberty Profile IM","DNDate":"31 Mar 2014","DNLang":"US English","DNSize":"207536","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.5.5.0-WS-WLP-IFPI12926","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.1 Liberty Profile IM","DNDate":"31 Mar 2014","DNLang":"US English","DNSize":"207547","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.5.5.1-WS-WLP-IFPI12926","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.0.2 Liberty Profile Archive","DNDate":"31 Mar 2014","DNLang":"US English","DNSize":"74114","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.5.0.2-WS-WASProd_WLPArchive-IFPI12926","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.0 Liberty Profile Archive","DNDate":"31 Mar 2014","DNLang":"US English","DNSize":"2541736","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8550-wlp-archive-IFPI12926","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.1 Liberty Profile Archive","DNDate":"31 Mar 2014","DNLang":"US English","DNSize":"2567761","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8551-wlp-archive-IFPI12926","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Servlet Engine\/Web Container","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5.1;8.5.5;8.5.0.2;8.5.0.1;8.5;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.2;8.0.0.1;8.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24037284