JR42771: Security APAR CVE-2012-3298 - CMVC 222194: Vulnerability in WebSphere Commerce related to personalization IDs

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Customers using persistent sessions and personalization IDs in
    WebSphere Commerce Version 7 are susceptible to a potential
    denial of service attack.
    

Local fix

Problem summary

  • USERS AFFECTED:
    WebSphere Commerce v7.0 users who have personalization enabled
    
    PROBLEM ABSTRACT:
    WebSphere Commerce contains a security vulnerability related to
    its use of persistent sessions and personalization IDs.
    
    BUSINESS IMPACT:
    Could impact site performance
    
    RECOMMENDATION:
    

Problem conclusion

  • Handling of personalization IDs was changed to resolve the issue
    -------------------------------------------------------------
    The latest available maintenance information can be obtained
    from the Recommended Fixes for WebSphere Commerce technote:
    http://www.ibm.com/support/docview.wss?rs=3046&uid=swg21261296
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR42771

  • Reported component name

    WC BUS EDITION

  • Reported component ID

    5724I3800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-05-10

  • Closed date

    2012-10-12

  • Last modified date

    2012-10-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WC BUS EDITION

  • Fixed component ID

    5724I3800

Applicable component levels

  • R700 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere Commerce Enterprise

Software version:

7.0

Reference #:

JR42771

Modified date:

2012-10-12

Translate my page

Machine Translation

Content navigation