PH01221: Potential man-in-the-middle attack in Apache CXF used by JAX-RS (CVE-2018-8039)

Download

Abstract

Potential man-in-the-middle attack in Apache CXF used by JAX-RS (CVE-2018-8039)

Download Description

PH01221 resolves the following problem:

ERROR DESCRIPTION: There is a potential man-in-the-middle attack in Apache CXF used by WebSphere Application Server for JAX-RS (CVE-2018-8039).

PROBLEM SUMMARY: There is a potential man-in-the-middle attack in Apache CXF used by WebSphere Application Server for JAX-RS (CVE-2018-8039)

PROBLEM CONCLUSION: The fix for this APAR is currently targeted for inclusion in fix packs 18.0.0.3 and 9.0.0.9. Please refer to the Recommended Updates page for delivery information:

http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

THE FOLLOWING FIXES ARE PROVIDED:
9.0.0.4-WS-WAS-IFPH01221.zip applies to WebSphere traditional fixpacks 9.0.0.4 through 9.0.0.8.
18.0.0.1-WS-WLP-IFPH01221.zip is an IM interim fix that applies to Liberty fixpack 18.0.0.1.
18.0.0.2-WS-WLP-IFPH01221.zip is an IM interim fix that applies to Liberty fixpack 18.0.0.2.
18002-wlp-archive-IFPH01221.jar is an archive fix that applies to Liberty fixpack 18.0.0.1.
18002-wlp-archive-IFPH01221.jar is an archive fix that applies to Liberty fixpack 18.0.0.2.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL	SIZE(Bytes)
V90 Readme	2420
18.0.0.x IM Readme	2329
18.0.0.1 Archive Readme	2234
18.0.0.2 Archive Readme	2445

Download Package

DOWNLOAD	RELEASE DATE	SIZE(Bytes)	DOWNLOAD Options What is Fix Central(FC)?
9.0.0.4-WS-WAS-IFPH01221	09-14-2018	18527827	FC
18001-wlp-archive-IFPH01221	09-14-2018	4879111	FC
18002-wlp-archive-IFPH01221	09-14-2018	6073948	FC
18.0.0.1-WS-WLP-IFPH01221	09-14-2018	4954143	FC
18.0.0.2-WS-WLP-IFPH01221	09-14-2018	6147862	FC

Problems Solved

OLGH436

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF013","label":"Inspur K-UX"},{"code":"PF016","label":"Linux"},{"code":"PF017","label":"Mac OS"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF014","label":"iOS"},{"code":"PF035","label":"z\/OS"}],"Version":"18.0.0.1;18.0.0.2;9.0.0.4;9.0.0.5;9.0.0.6;9.0.0.7;9.0.0.8","Edition":"Base,Liberty,Network Deployment,Single Server","Line of Business":{"code":"LOB45","label":"Automation"}}]

Problems (APARS) fixed
OLGH436

Was this topic helpful?

Document Information

Modified date:
20 September 2018

UID

ibm10731807

Tips