Possible security exposure with Information Services Director and WS-Security enabled services

Flash (Alert)


Abstract

Information Services Director applications with WS-Security enabled face a possible security exposure within WebSphere Application Server.

Content

Information Services Director uses JAX-RPC to implement applications within WebSphere Application Server. Information Services Director applications that use the SOAP over HTTP or SOAP over JMS bindings with WS-Security enabled could be affected by this issue.

More detailed information regarding this security issue is available in technote 1587536 for WebSphere Application Server (WAS), located in the related information section below.

To obtain the fix:



Step 1. Determine your WebSphere Application Server Version

The first few lines in the SystemOut.log file tell you the exact version of WebSphere Application Server (WAS) that is being used, as shown in the sample given here:

************ Start Display Current Environment ************
WebSphere Platform 6.0 [BASE 6.0.2.11 cf110623.10]  running with process name coutureNode01Cell\coutureNode01\server1 and process id 16195

In the sample above, the exact version is 6.0.2.11. The location of this file varies with the platform and the installation directory chosen by the user. The default is usually something similar to:

/opt/IBM/WebSphere/AppServer/profiles/default/logs/server1/



Step 2. Locate the version in the WAS Technote 1587536 and then choose a fix method

You can either install the individual JAX-RPC fixes which are identified in the technote, or alternatively you can install the necessary WebSphere Application Server fixpack which contains the fix.
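
The version lookup in Step 1 can be scripted when several profiles or servers have to be checked against the technote. The following is an added example, not IBM-supplied code; the function names are hypothetical, and it assumes the header line has the same layout as the sample shown in Step 1.

```shell
#!/bin/sh
# Added example: read the WAS edition, version and build level from the
# "WebSphere Platform" header line of SystemOut.log (see Step 1).

# was_version FILE
# Prints "<edition> <version> <build>" for the most recent server start
# recorded in FILE; returns non-zero if FILE has no header line.
was_version() {
    # A header is written at every server start, so the last one in the
    # file describes the level the server is running now.
    sed -n 's/^WebSphere Platform [^[]*\[\([^] ]*\) \([0-9][0-9.]*\) \([^] ]*\)\].*/\1 \2 \3/p' "$1" |
        tail -n 1 | grep .
}

# was_versions_under DIR
# Reports the version for every SystemOut.log found below DIR, for example
# /opt/IBM/WebSphere/AppServer/profiles.
was_versions_under() {
    find "$1" -type f -name SystemOut.log | while IFS= read -r log; do
        v=$(was_version "$log") || v="no version header found"
        printf '%s: %s\n' "$log" "$v"
    done
}

# sample_log
# Constructed test input. The second header is the sample from Step 1; the
# first header (6.0.2.9, cf000000.00) is made up to represent an older start.
sample_log() {
    cat <<'EOF'
************ Start Display Current Environment ************
WebSphere Platform 6.0 [BASE 6.0.2.9 cf000000.00]  running with process name coutureNode01Cell\coutureNode01\server1 and process id 1201
************ Start Display Current Environment ************
WebSphere Platform 6.0 [BASE 6.0.2.11 cf110623.10]  running with process name coutureNode01Cell\coutureNode01\server1 and process id 16195
EOF
}

# Stand-alone use: pass the profiles directory as the first argument.
if [ $# -gt 0 ]; then
    was_versions_under "$1"
fi
```

The second field of each reported line is the version to look up in technote 1587536 in Step 2.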


Related information

WebSphere Technote Flash 1587536

Cross reference information
Segment Product Component Platform Version Edition
Information Management InfoSphere Information Server

Document information


More support for:

InfoSphere Information Services Director

Software version:

8.0, 8.1, 8.5, 8.7

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows

Reference #:

1605066

Modified date:

2012-07-13
