APAR status
Closed as program error.
Error description
Error Message: A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. . Stack Trace: N/A .
Local fix
Problem summary
This problem happened when trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects.
Problem conclusion
This defect will be fixed in: 6.0.0 SR9 FP2 . The implementation has been updated to avoid this hack. . To obtain the fix: Install build 20110319 or later
Temporary fix
Comments
APAR Information
APAR number
IV02648
Reported component name
JAVA CLASS LIBS
Reported component ID
620700130
Reported release
600
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-06-30
Closed date
2011-06-30
Last modified date
2011-07-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
JAVA CLASS LIBS
Fixed component ID
620700130
Applicable component levels
R600 PSY
UP
Rate this page:
Average rating
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.