IBM Support

Fix Available: Potential security vulnerability when using Web-based applications on IBM WebSphere Application Server due to Java HashTable implementation vulnerability (PM53930)

Flash (Alert)


Potential Denial of Service (DoS) security exposure when using Web-based applications due to a Java HashTable implementation vulnerability.


** Note: This is a republish of an older flash. It does not affect WebSphere Portal 8.0 or later releases. **

This information is extracted from a FLASH from the IBM WebSphere Application Server support team, available in its entirety at this link:

Many IBM software applications run on top of the WebSphere Application Server and could be affected by this issue. Refer to your administrator, the system logs or installation records to determine if your environment is affected and follow the appropriate recommendations to address the problem.

CVE ID: CVE-2012-0193

Versions affected:
The following IBM® WebSphere® Application Server Versions for distributed operating systems, IBM i operating systems, and z/OS operating systems are affected:

  • Version 8.0 through
  • Version 7.0 through
  • Version 6.1 through
  • Version 6.0 through

    Problem Description:
    Customers who have Web-based applications are impacted by this vulnerability, which can cause performance or Denial of Service (DoS) issues.

    CVSS Base Score: 5
    CVSS Temporal Score: See for the current score
    CVSS Environmental Score*: Undefined
    CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

    Install Interim Fix for APAR PM53930 (or a ++APAR for WebSphere Application Server for z/OS), or a Fix Pack containing this APAR, as noted in the FLASH available from the WebSphere Application Server support team.

  • Cross reference information

    | Segment | Product | Component | Platform | Version | Edition |
    |---|---|---|---|---|---|
    | Enterprise Content Management | IBM Web Content Manager | Portal Integration | AIX, HP-UX, i5/OS, IBM i, Linux, Solaris, Windows, z/OS | 7.0, 6.1.5, 6.1.0, 6.1 | Java edition |
    | Organizational Productivity- Portals & Collaboration | Lotus Quickr for WebSphere Portal | Security | AIX, HP-UX, Linux, Windows | 8.5, 8.1, 8.0 | All Editions |
    | Enterprise Content Management | Workplace Web Content Management | Portal Integration | AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS | 6.0 | Java edition |

    Document information

    More support for: WebSphere Portal
    WebSphere Application Server Integration

    Software version: 6.0, 6.1, 6.1.0, 6.1.5, 7.0

    Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

    Software edition: Enable, Express, Extend, Hypervisor Edition, Server

    Reference #: 1578504

    Modified date: 17 January 2012
