Action Required: Using WebSphere Portal with Application Server version 6.0.2.19 or below

Preventive Service Planning


Abstract

If your WebSphere Portal version 6.0 or 5.1 is deployed on WebSphere Application Server Fix Pack 19 for 6.0.2 (6.0.2.19) or below, you should apply the recommended fix for PK41446. The fix addresses a situation in which, after a closed connection error, the Web container may corrupt a buffer being used to send a response. This could have security exposure implications and allow information intended for one user to be accessed by another.

This situation has not been reproduced in IBM testing with WebSphere Portal, but the risk of vulnerability exists.

Content

From the WebSphere Application Server support page "PK41446; Possible response buffer corruption after closed connection error" (#4015854):
If a closed connection exception occurs, for example because a request is canceled whilst a response to the request is still being sent, based on timing the following three scenarios are possible:

  • Things clean up correctly and no problem occurs. This is the most likely outcome.
  • Some response data of the cancelled request is added to the response of a subsequent request.
  • Some response data for a first subsequent request is added to the response of a different subsequent request.

Reminder: Interim Fixes and Upgrades of this nature are fully supported by our WebSphere Portal Support Statement in the V6.0 Information Center.
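
A check for the condition this notice describes, as an added example that is not IBM's code: it reads a product version report, compares each Version line against 6.0.2.19, and looks for PK41446 in the same text. The report layout, the sample values, and the reading of "or below" as a plain numeric comparison are assumptions.

```python
import re

THRESHOLD = (6, 0, 2, 19)  # the notice: 6.0.2.19 or below is in scope
APAR = "PK41446"           # fix named by the notice

# Constructed sample report (assumed layout, not captured from a real system).
SAMPLE_REPORT = """\
Installed Product
----------------------------------------
Name                     IBM WebSphere Application Server - ND
Version                  6.0.2.17
ID                       ND
"""

VERSION_LINE = re.compile(r"^[ \t]*Version[ \t]+(\d+(?:\.\d+){1,3})[ \t]*\r?$",
                          re.MULTILINE)


def as_tuple(version):
    """Turn '6.0.2' into (6, 0, 2, 0) so short versions compare correctly."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def assess(report):
    """Return [(version, status)] for every Version line in the report.

    status is 'out-of-scope' (above 6.0.2.19), 'fix-listed' (in scope and
    the APAR id appears in the report) or 'action-required'.
    """
    versions = VERSION_LINE.findall(report)
    if not versions:
        # Fail loudly: an unparsed report must not read as "nothing to do".
        raise ValueError("no Version line found in report")
    fix_listed = re.search(r"\b%s\b" % APAR, report) is not None
    results = []
    for version in versions:
        if as_tuple(version) > THRESHOLD:
            status = "out-of-scope"
        elif fix_listed:
            status = "fix-listed"
        else:
            status = "action-required"
        results.append((version, status))
    return results


if __name__ == "__main__":
    for version, status in assess(SAMPLE_REPORT):
        print(version, status)
```

A "fix-listed" result only means the APAR id appears somewhere in the supplied text, so confirm it against the installed maintenance listing before closing the item.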

Related information

Application Server Recommended Updates page

Cross reference information
Segment: Organizational Productivity- Portals & Collaboration
Product: WebSphere Portal End of Support Products
Component: WebSphere Application Server Integration
Platform: AIX, HP-UX, i5/OS, Linux, Solaris, Windows
Version: 5.1

Document information


More support for:

WebSphere Portal End of Support Products
WebSphere Portal

Software version:

6.0

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows, i5/OS

Software edition:

Enable, Express, Extend, Server

Reference #:

1261071

Modified date:

2007-06-22