Possible security exposure with WebSphere Application Server with WS-Security enabled applications using LTPA tokens (PM43585/PM43792/PM45181).

Flash (Alert)


Abstract

There is a possible security exposure when using WS-Security that can result in a user gaining elevated privileges. This impacts applications using either JAX-WS or JAX-RPC.

Content

WebSphere versions affected:

  • WebSphere Application Server, all platforms, Versions 8.0 through 8.0.0.2, 7.0 through 7.0.0.21, 6.1 through 6.1.0.41, and 6.0.2 through 6.0.2.43.
  • WebSphere Application Server Feature Pack for Web Services Versions 6.1.0.9 through 6.1.0.39.

WebSphere versions not impacted:

For JAX-WS Runtime:

  • WebSphere Application Server Versions 8.0.0.2 and later, and 7.0.0.21 and later.
  • WebSphere Application Server Feature Pack for Web Services Versions 6.1.0.41 and later.

For JAX-RPC Runtime:

  • WebSphere Application Server Versions 8.0.0.3 and later, 7.0.0.23 and later, and 6.1.0.43 and later.

For a full description, affected product releases, and APARs/fixes, please see the complete published Security Exposure (ESAR) Flash for PM43585, PM43792, and PM45181 at:


http://www-01.ibm.com/support/docview.wss?uid=swg21587536


Document information


More support for:

Tivoli Security Policy Manager

Software version:

7.1

Operating system(s):

AIX, Linux xSeries, Linux zSeries, Solaris, Windows

Reference #:

1605397

Modified date:

2012-07-18
