Potential security exposure with IBM WebSphere Application Server with JAX-WS or JAX-RS (PM14844, PM14847, PM14765)
WebSphere Industry Content Packs bundles WebSphere Application Server CE as part of the product. This security exposure may be encountered by WebSphere Industry Content Pack users thatare using the Asset Navigator component.
The web services run-time might allow an attacker to cause a denial of service or remotely read arbitrary files on the file system where the run-time is installed. This vulnerability might potentially be exploited on any installation that receives XML messages from untrusted sources. This vulnerability was originally reported by the Apache community's Axis2 project in security advisory CVE-2010-1632.
Please refer to following flash from WebSphere Application Server to obtain the resolution steps:
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.