IBM Support

IBM WebSphere Application Server is not affected by DROWN (CVE-2016-0800)

Flashes (Alerts)


Abstract

IBM WebSphere Application Server Traditional and Liberty Profile are not affected by the DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability.

Content

IBM WebSphere Application Server Traditional and Liberty Profile are not affected by the DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. (CVE-2016-0800)

This vulnerability does NOT affect the SSL that is used by IBM WebSphere Application Server. The Server does not support the use of SSLv2.

As a reminder SSLv3 has also been removed for the IBM WebSphere Application Server http://www-01.ibm.com/support/docview.wss?uid=swg21687173

For information regarding the IBM HTTP Server - please refer to this flash: http://www-01.ibm.com/support/docview.wss?uid=swg21978317



IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty Profile do not support SSLv2. IBM highly recommends against using SSLv2 or SSLv3 in any other hardware or software offerings as these old versions are no longer suitable to be used given the inherited weakness of these protocols.

Change History:

03 March 2016: original document published

04 March 2016: added link to IHS flash

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5;8.0;7.0","Edition":"Base;Developer;Express;Liberty;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
25 September 2022

UID

swg21978292