Fix Available: Potential security vulnerability when using Web-based applications on IBM WebSphere Application Server due to Java HashTable implementation vulnerability (PM53930)

Flash (Alert)


Abstract

Potential Denial of Service (DoS) security exposure when using Web-based applications due to Java HashTable implementation vulnerability.

Content

This information is extracted from a FLASH from the IBM WebSphere Application Server support team, available in its entirety at this link: http://www.ibm.com/support/docview.wss?uid=swg21577532

Many IBM software applications run on top of the WebSphere Application Server and could be affected by this issue. Refer to your administrator, the system logs or installation records to determine if your environment is affected and follow the appropriate recommendations to address the problem.



CVE ID: CVE-2012-0193

Versions affected:
The following IBM® WebSphere® Application Server Versions for distributed operating systems, IBM i operating systems, and z/OS operating systems are affected:

  • Version 8.0 through 8.0.0.2
  • Version 7.0 through 7.0.0.21
  • Version 6.1 through 6.1.0.41
  • Version 6.0 through 6.0.2.43

Problem Description:
Customers who have Web-based applications are impacted by this vulnerability, which can cause performance or Denial of Service (DoS) issues.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72298 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)


Solutions:
Install Interim Fix for APAR PM53930 (or a ++APAR for WebSphere Application Server for z/OS), or a Fix Pack containing this APAR, as noted in the FLASH available from the WebSphere Application Server support team.


    Cross reference information

    Segment | Product | Component | Platform | Version | Edition
    Enterprise Content Management | IBM Web Content Manager | Portal Integration | AIX, HP-UX, i5/OS, IBM i, Linux, Solaris, Windows, z/OS | 7.0, 6.1.5, 6.1.0, 6.1 | Java edition
    Organizational Productivity- Portals & Collaboration | Lotus Quickr for WebSphere Portal | Security | AIX, HP-UX, Linux, Windows | 8.5, 8.1, 8.0 | All Editions
    Enterprise Content Management | Workplace Web Content Management | Portal Integration | AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS | 6.0 | Java edition

Document information

More support for: WebSphere Portal, WebSphere Application Server Integration
Software version: 6.0, 6.1, 6.1.0, 6.1.5, 7.0
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Software edition: Enable, Express, Extend, Hypervisor Edition, Server
Reference #: 1578504
Modified date: 2012-01-17