IBM Support

Fix Available: Potential security vulnerability when using Web-based applications on IBM WebSphere Application Server due to Java HashTable implementation vulnerability (PM53930)

Flash (Alert)


Potential Denial of Service (DoS) security exposure when using Web-based applications due to Java HashTable implementation vulnerability.


** Note: This is a republish of an older flash. It does not affect WebSphere Portal 8.0 or later releases. **

This information is extracted from a FLASH from the IBM WebSphere Application Server support team, available in its entirety at this link:

Many IBM software applications run on top of the WebSphere Application Server and could be affected by this issue. Refer to your administrator, the system logs or installation records to determine if your environment is affected and follow the appropriate recommendations to address the problem.

CVE ID: CVE-2012-0193

Versions affected:
The following IBM® WebSphere® Application Server Versions for distributed operating systems, IBM i operating systems, and z/OS operating systems are affected:

  • Version 8.0 through
  • Version 7.0 through
  • Version 6.1 through
  • Version 6.0 through

Problem Description:
Customers who have Web-based applications are impacted by this vulnerability, which can cause performance or Denial of Service (DoS) issues.

CVSS Base Score: 5
CVSS Temporal Score: See for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Install Interim Fix for APAR PM53930 (or a ++APAR for WebSphere Application Server for z/OS), or a Fix Pack containing this APAR, as noted in the FLASH available from the WebSphere Application Server support team.

Cross reference information
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Enterprise Content Management | IBM Web Content Manager | Portal Integration | AIX, HP-UX, i5/OS, IBM i, Linux, Solaris, Windows, z/OS | 7.0, 6.1.5, 6.1.0, 6.1 | Java edition |
| Organizational Productivity- Portals & Collaboration | Lotus Quickr for WebSphere Portal | Security | AIX, HP-UX, Linux, Windows | 8.5, 8.1, 8.0 | All Editions |
| Enterprise Content Management | Workplace Web Content Management | Portal Integration | AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS | 6.0 | Java edition |

Document information

More support for: WebSphere Portal
WebSphere Application Server Integration

Software version: 6.0, 6.1, 6.1.0, 6.1.5, 7.0

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Software edition: Enable, Express, Extend, Hypervisor Edition, Server

Reference #: 1578504

Modified date: 17 January 2012
