IBM Support

JR44528: Security APAR CVE-2012-4855: Potential denial of service vulnerability with WebSphere Commerce web services

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • WebSphere Commerce users are susceptible to a  potential Denial
    of Service attack due to  a security vulnerability in the Web
    Services framework
    

Local fix

Problem summary

  • USERS AFFECTED:
    WebSphere Commerce  users
    
    PROBLEM ABSTRACT:
    Security APAR CVE-2012-4855: Potential denial of service
    vulnerability with WebSphere Commerce web services
    
    BUSINESS IMPACT:
    Potential Denial of Service attack due to  a security
    vulnerability in the Web Services framework
    
    RECOMMENDATION:
    

Problem conclusion

  • The WebSphere Commerce Web Services framework has been updated
    to eliminate the vulnerability.  Applications running WebSphere
    Commerce 6 Feature Pack 5, also need to apply the iFix for APAR
    JR45471.
    -------------------------------------------------------------
    The latest available maintenance information can be obtained
    from the Recommended Fixes for WebSphere Commerce technote:
    http://www.ibm.com/support/docview.wss?rs=3046&uid=swg21261296
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR44528

  • Reported component name

    WC BUS EDITION

  • Reported component ID

    5724I3800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-10-25

  • Closed date

    2013-02-22

  • Last modified date

    2013-02-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WC BUS EDITION

  • Fixed component ID

    5724I3800

Applicable component levels

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSYL","label":"WebSphere Commerce Enterprise"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
28 February 2013