IBM Support

PM62795; 8.5: Code injection security problem in iehs.war

Download


Abstract

Code injection security problem in iehs.war

Download Description

PM62795 resolves the following problem:

ERROR DESCRIPTION:
Vulnerability in the help system for WebSphere Application
Server.

LOCAL FIX:

PROBLEM SUMMARY

USERS AFFECTED:
All users of IBM WebSphere Application
Server using the help subsystem in the
administrative console.

PROBLEM DESCRIPTION:
Code injection security problem in
iehs.war

RECOMMENDATION:
None

Ability to inject malicious JavaScript in the iehs JSP.

PROBLEM CONCLUSION:
Remove execution of malicious JavaScript from the iehs JSP.

The fix for this APAR is currently targeted for inclusion in
fix pack 8.0.0.4. Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980


Note: This interim fix can also be installed using Install Manager (IM) with the
Web-based ("live") repository provided by IBM.

Prerequisites

None

Download package

Name: 8.5.0.0-WS-WAS-IFPM62795
Release date: 15 Jun 2012
Language: US English
Size: 205117
Platform: AIX
URL: http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.0-WS-WAS-IFPM62795&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Component: Sessions and Session Management
Platform: AIX, HP-UX, Linux, Solaris, Windows, IBM i, z/OS
Version: 8.5
Edition: Base

Document Information

Modified date:
15 June 2018

UID

swg24032861