Fix Available: Security vulnerability in WebSphere Application Server might affect Portal, WCM or Quickr customers

Abstract
Administrators of IBM WebSphere Portal, Workplace Web Content Management, Lotus Web Content Management or Lotus Quickr services for WebSphere Portal should verify the underlying fix pack service release level of the Application Server in their environment for this important security issue.

Content

Issue:
JAX-RPC WS-Security might improperly validate UsernameTokens (PK75992)

Versions affected:
IBM WebSphere Application Server Versions 6.0.2.25 through 6.0.2.31, 6.1.0.15 through 6.1.0.21 (6.1.0.22 for z/OS), and 7.0.0.0 through 7.0.0.1.
This security exposure does not occur on versions 5.1, 6.0.2 through 6.0.2.24, 6.0.2.33 or later, 6.1 through 6.1.0.14, 6.1.0.23 or later, and 7.0.0.3 or later.
Numerous releases of IBM WebSphere Portal, Workplace Web Content Management, Lotus Web Content Management or Lotus Quickr services for WebSphere Portal, as well as other products running on WebSphere Application Server, could be affected and should follow the appropriate recommendations to avoid problems.

Problem Description:
When using WS-Security for JAX-RPC applications, the WS-Security runtime has a potential security exposure and may incorrectly validate a UsernameToken. This problem does not exist when WebSphere web services clients are used. This could allow an attacker unauthorized authentication access.

For more information:
Refer to "Security Exposure: WebSphere Application Server with JAX-RPC WS-Security may improperly validate UsernameTokens (PK75992)" (#1367223) provided by the WebSphere Application Server support team.

Cross Reference information

| Segment | Product | Component | Platform | Version | Edition |
| --- | --- | --- | --- | --- | --- |
| Enterprise Content Management | Workplace Web Content Management | Security & User Management | AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS | 6.0, 5.1.0 | Java edition |
| Enterprise Content Management | Lotus Web Content Management | Security & User Management | AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS | 6.1 | Java edition |
| Organizational Productivity- Portals & Collaboration | WebSphere Portal End of Support Products | WebSphere Application Server Integration | AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS | 5.1 | Enable, Experience, Extend |
| Organizational Productivity- Portals & Collaboration | Lotus Quickr services for WebSphere Portal | | Linux, Windows | 8.1 | All Editions |
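
The fix pack level check the abstract asks for, as an added example (not IBM's code): a Python function that classifies a WebSphere Application Server level against the ranges listed under "Versions affected". The names `STREAMS` and `classify` are hypothetical; the code assumes a dotted level string as input, that "or later" applies within the same release stream, that any 5.1.x level counts as 5.1, and that the z/OS note raises the affected upper bound to 6.1.0.22. Levels the advisory does not mention (for example 6.0.2.32) are reported as "not stated" instead of being guessed.

```python
import re

# Hypothetical helper table: per release stream, the affected fix-pack range,
# the last clean level below it and the first clean level above it.
# All numbers are taken from the advisory text.
STREAMS = {
    (6, 0, 2): {"affected": (25, 31), "clean_to": 24, "clean_from": 33},
    (6, 1, 0): {"affected": (15, 21), "clean_to": 14, "clean_from": 23,
                "zos_affected_to": 22},   # assumption: z/OS upper bound
    (7, 0, 0): {"affected": (0, 1), "clean_to": -1, "clean_from": 3},
}


def classify(version, zos=False):
    """Return 'affected', 'not affected' or 'not stated' for a WAS level."""
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", version):
        raise ValueError(f"not a dotted version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    parts += [0] * (4 - len(parts))        # "6.1" is treated as 6.1.0.0
    stream, fixpack = tuple(parts[:3]), parts[3]
    if stream[:2] == (5, 1):
        return "not affected"              # advisory: 5.1 is not exposed
    rule = STREAMS.get(stream)
    if rule is None:
        return "not stated"                # stream not covered by the advisory
    low, high = rule["affected"]
    if zos:
        high = rule.get("zos_affected_to", high)
    if low <= fixpack <= high:
        return "affected"
    if fixpack <= rule["clean_to"] or fixpack >= rule["clean_from"]:
        return "not affected"
    return "not stated"                    # gap levels: 6.0.2.32, 7.0.0.2


if __name__ == "__main__":
    # Constructed sample inventory (host names and levels are made up).
    inventory = [("portal-a", "6.1.0.19", False), ("portal-z", "6.1.0.22", True),
                 ("wcm-b", "6.0.2.33", False), ("quickr-c", "6.0.2.32", False)]
    for host, level, on_zos in inventory:
        print(f"{host:10} {level:10} {classify(level, on_zos)}")
```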

Product categories: Software; Organizational Productivity, Portals & Collaboration; Portals; WebSphere Portal End of Support Products; WebSphere Application Server Integration
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, i5/OS, z/OS
Software version: 6.0, 6.1
Software edition: Enable, Express, Extend, Server
Reference #: 1393631
IBM Group: Software Group
Modified date: 2009-07-13