Potential security exposure with IBM WebSphere Application Server with JAX-WS or JAX-RS

Flash (Alert)


Abstract

Potential security exposure with IBM WebSphere Application Server with JAX-WS or JAX-RS (PM14844, PM14847, PM14765)

Content

WebSphere Industry Content Packs bundles WebSphere Application Server CE as part of the product. This security exposure may be encountered by WebSphere Industry Content Pack users thatare using the Asset Navigator component.

The web services run-time might allow an attacker to cause a denial of service or remotely read arbitrary files on the file system where the run-time is installed. This vulnerability might potentially be exploited on any installation that receives XML messages from untrusted sources. This vulnerability was originally reported by the Apache community's Axis2 project in security advisory CVE-2010-1632.

Please refer to following flash from WebSphere Application Server to obtain the resolution steps:
http://www.ibm.com/support/docview.wss?uid=swg21433581 .


Related information

Resolution for Potential Security Exposure

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere Industry Content Packs

Software version:

7.0, 7.0.0.1, 7.0.0.2

Operating system(s):

Windows

Reference #:

1441613

Modified date:

2011-07-08

Translate my page

Machine Translation

Content navigation