APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A . N/A
Local fix
N/A
Problem summary
Applications that validate HMAC - based digital signatures may bypass authentication.
Problem conclusion
This defect will be fixed in: 1.4.2 SR13 FP3 Integrating Sunbug Alert 6863503 to avoid timing attack vulnerabilities in MessageDigest.isEqual method.
Temporary fix
Comments
APAR Information
APAR number
PK99469
Reported component name
JAVA(1.3/1.4 CO
Reported component ID
5648C9800
Reported release
42A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2009-10-23
Closed date
2010-03-03
Last modified date
2010-03-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
JAVA(1.3/1.4 CO
Fixed component ID
5648C9800
Applicable component levels
R14A PSY
UP
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.4.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
09 February 2022