Possible security exposure with Information Services Director and WS-Security enabled services
Information Services Director applications with WS-Security enabled face a possible security exposure within WebSphere Application Server.
Information Services Director utilizes JAX-RPC for implementing applications within WebSphere Application Server. Information Services Director applications using the SOAP over HTTP or SOAP over JMS bindings, and with WS-Security enabled, could be potentially affected by this issue.
More detailed information regarding this security issue is available in technote 1587536 for WebSphere Application Server (WAS), located in the related information section below.
To obtain the fix:
Step 1. Determine your WebSphere Application Server Version
The first few lines in the SystemOut.log file will tell you the exact version of WebSphere Application Server (WAS) that is being used, as show in the sample given here:
************ Start Display Current Environment ************
WebSphere Platform 6.0 [BASE 188.8.131.52 cf110623.10] running with process name coutureNode01Cell\coutureNode01\server1 and process id 16195
In this sample above, the exact version is 184.108.40.206. The location of this file will vary based on the platform and choice of installation directory by the user. The default value will usually be something similar to:
Step 2. Locate the version in the WAS Technote 1587536 and then choose a fix method
You can either install the individual JAX-RPC fixes which are identified in the technote, or alternatively you can install the necessary WebSphere Application Server fixpack which contains the fix.
|Information Management||InfoSphere Information Server|
More support for:
InfoSphere Information Services Director
Software version: 8.0, 8.1, 8.5, 8.7
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Reference #: 1605066
Modified date: 13 July 2012