Flashes (Alerts)
Abstract
Information Services Director applications with WS-Security enabled face a possible security exposure within WebSphere Application Server.
Content
Information Services Director uses JAX-RPC to implement applications within WebSphere Application Server. Information Services Director applications that use the SOAP over HTTP or SOAP over JMS bindings and have WS-Security enabled could be affected by this issue.
More detailed information regarding this security issue is available in technote 1587536 for WebSphere Application Server (WAS), located in the related information section below.
To obtain the fix:
Step 1. Determine your WebSphere Application Server Version
The first few lines of the SystemOut.log file show the exact version of WebSphere Application Server (WAS) that is in use, as shown in the sample given here:
************ Start Display Current Environment ************
WebSphere Platform 6.0 [BASE 6.0.2.11 cf110623.10] running with process name coutureNode01Cell\coutureNode01\server1 and process id 16195
In the sample above, the exact version is 6.0.2.11. The location of this file varies with the platform and the installation directory chosen by the user. The default is usually similar to:
/opt/IBM/WebSphere/AppServer/profiles/default/logs/server1/
Step 2. Locate the version in the WAS Technote 1587536 and then choose a fix method
You can either install the individual JAX-RPC fixes which are identified in the technote, or alternatively you can install the necessary WebSphere Application Server fixpack which contains the fix.
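As an added illustration of Step 1 (not part of the original flash and not IBM tooling), the following shell functions read the exact version from the last "WebSphere Platform" header in each server's SystemOut.log under a profile's logs directory. The function names and the second header line in the demo are constructed for this example, and it assumes the log is appended to across restarts, so the last header is the most recent start.

```shell
#!/usr/bin/env bash
# Added example: read the exact WAS version from SystemOut.log headers.

# Print the version from the last "WebSphere Platform" header in a log file.
# Assumption: the log is appended to across restarts, so the last header
# reflects the most recent start. Returns 1 if no header is found.
was_version_from_log() {
    local log="$1" ver
    [ -r "$log" ] || return 1
    ver=$(sed -n 's/^.*WebSphere Platform [^[]*\[[A-Za-z]* \([0-9][0-9.]*\) .*$/\1/p' "$log" | tail -n 1)
    [ -n "$ver" ] || return 1
    printf '%s\n' "$ver"
}

# Print "server<TAB>version" for every <server>/SystemOut.log under a logs dir.
was_versions_in_profile() {
    local logs_dir="$1" log ver
    for log in "$logs_dir"/*/SystemOut.log; do
        [ -e "$log" ] || continue
        ver=$(was_version_from_log "$log") || ver="unknown"
        printf '%s\t%s\n' "$(basename "$(dirname "$log")")" "$ver"
    done
}

# Constructed sample: one log with two starts; the second header is invented
# to show a restart after a fixpack was applied.
was_demo() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/server1"
    cat > "$d/server1/SystemOut.log" <<'EOF'
************ Start Display Current Environment ************
WebSphere Platform 6.0 [BASE 6.0.2.11 cf110623.10] running with process name coutureNode01Cell\coutureNode01\server1 and process id 16195
************ Start Display Current Environment ************
WebSphere Platform 6.0 [BASE 6.0.2.43 cf431024.11] running with process name coutureNode01Cell\coutureNode01\server1 and process id 20417
EOF
    was_versions_in_profile "$d"
    rm -rf "$d"
}

# With an argument, scan that logs directory; otherwise run the constructed demo.
if [ $# -gt 0 ]; then was_versions_in_profile "$1"; else was_demo; fi
```

Pass the profile's logs directory, for example /opt/IBM/WebSphere/AppServer/profiles/default/logs, and look up each reported version in the technote as described in Step 2.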
Related Information
Document Information
Modified date:
25 September 2022
UID
swg21605066