Download
Abstract
Code injection security problem in iehs.war
Download Description
PM62795 resolves the following problem:
ERROR DESCRIPTION:
Vulnerability in the help system for WebSphere Application
Server.
LOCAL FIX:
PROBLEM SUMMARY
USERS AFFECTED:
All users of IBM WebSphere Application
Server using the help subsystem in the
adminstrative console.
PROBLEM DESCRIPTION:
Code injection security problem in
iehs.war
RECOMMENDATION:
None
Ability to inject malicious javascript in iehs jsp.
PROBLEM CONCLUSION:
Remove excecution of malicious javascript from iehs jsp.
The fix for this APAR is currently targeted for inclusion in
fix pack 8.0.0.4 Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Note: This interim fix can also be installed using Install Manager (IM) with the
Web-based ("live") repository provided by IBM.
Prerequisites
None
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24032861