Downloadable files
Abstract
Potential security exposure with the JAX-WS WS-Security runtime and the Timestamp element
Download Description
PM08360 resolves the following problem:
ERROR DESCRIPTION:
When the WS-Security policy for a JAX-WS application specifies
a Timestamp element, there is a potential risk of a security
exposure.
LOCAL FIX:
na
PROBLEM SUMMARY
USERS AFFECTED:
IBM WebSphere Application Server Feature
Pack for Web Services users of WS-Security
enabled JAX-WS applications utilizing Timestamp.
JAX-RPC applications are not impacted.
PROBLEM DESCRIPTION:
When using a WS-Security enabled JAX-WS web service application,
if the WS-Security policy specifies 'IncludeTimestamp', there
is a potential risk of security exposure.
WS-Security enabled JAX-RPC web service applications are not
impacted.
RECOMMENDATION:
Install a fixpack or ifix that includes this APAR.
PROBLEM CONCLUSION:
The JAX-WS WS-Security runtime is updated to eliminate the
potential security exposure.
After an fixpack or an ifix containing this APAR is
applied, the WS-Security runtime might reject SOAP messages
with an error related to the Timestamp element. If this
problem occurs, ensure that the WS-Security policy for
both the consumer and provider match.
For more information about the use of Timestamp in
WebSphere WS-Security and the precautions that should be
taken, refer to the following WebSphere Application Server
Information Center document on the Timestamp element:
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v610ws&product=was-base-dist&topic=cwbs_timestamp
The fix for this APAR is currently targeted for inclusion in
fix pack 6.1.0.33. Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
Please download the UpdateInstaller below to install this fix.
| URL | LANGUAGE | SIZE(Bytes) |
|---|---|---|
| UpdateInstaller | US English | 7250000 |
Installation Instructions
Please review the readme.txt for detailed installation instructions.
| URL | LANGUAGE | SIZE(Bytes) |
|---|---|---|
| Readme | US English | 8108 |
Download package
| Download | RELEASE DATE | LANGUAGE | SIZE(Bytes) | Download Options What is Fix Central (FC)? What is DD? |
|---|---|---|---|---|
| 6.1.0.29-WS-WASWebSvc-IFPM08360 | 8/19/2010 | US English | 503797 | FC FTP DD |
| 6.1.0.31-WS-WASWebSvc-IFPM08360 | 8/19/2010 | US English | 334652 | FC FTP DD |
Technical support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.