Fix Available: Potential security vulnerability when using Web-based applications on IBM WebSphere Application Server due to Java HashTable implementation vulnerability (PM53930)
Potential Denial of Service (DoS) security exposure when using Web-based applications due to JavaHashTable implementation vulnerability.
** Note: This is a republish of an older flash. It does not affect WebSphere Portal 8.0 or later releases. **
This information is extracted from a FLASH from the IBM WebSphere Application Server support team, available in its entirety at this link: http://www.ibm.com/support/docview.wss?uid=swg21577532
Many IBM software applications run on top of the WebSphere Application Server and could be affected by this issue. Refer to your administrator, the system logs or installation records to determine if your environment is affected and follow the appropriate recommendations to address the problem.
CVE ID: CVE-2012-0193
The following IBM® WebSphere® Application Server Versions for distributed operating systems, IBM i operating systems, and z/OS operating systems are affected:
- Version 8.0 through 18.104.22.168.
- Version 7.0 through 22.214.171.124
- Version 6.1 through 126.96.36.199
- Version 6.0 through 188.8.131.52
Customers who have Web-based applications are impacted by this vulnerability which can cause performance or Denial of Service (DoS) issues.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72298 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Install Interim Fix for APAR PM53930 (or a ++APAR for WebSphere Application Server for z/OS), or a Fix Pack containing this APAR, as noted in the FLASH available from the WebSphere Application Server support team ( Link opens in a new window).
|Enterprise Content Management||IBM Web Content Manager||Portal Integration||AIX, HP-UX, i5/OS, IBM i, Linux, Solaris, Windows, z/OS||7.0, 6.1.5, 6.1.0, 6.1||Java edition|
|Organizational Productivity- Portals & Collaboration||Lotus Quickr for WebSphere Portal||Security||AIX, HP-UX, Linux, Windows||8.5, 8.1, 8.0||All Editions|
|Enterprise Content Management||Workplace Web Content Management||Portal Integration||AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS||6.0||Java edition|
More support for:
WebSphere Application Server Integration
Software version: 6.0, 6.1, 6.1.0, 6.1.5, 7.0
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Software edition: Enable, Express, Extend, Hypervisor Edition, Server
Reference #: 1578504
Modified date: 17 January 2012