If you have installed an interim fix for PM44303 or a fix pack containing PM44303, there is the potential for an authenticated user to gain access to unauthorized resources.
PM71296 resolves the following problem:
ERROR DESCRIPTION:
If you have installed an interim fix for PM44303 or a fix pack containing PM44303, there is the potential for an authenticated user to gain access to unauthorized resources.
LOCAL FIX:
None
PROBLEM SUMMARY
USERS AFFECTED:
All users of IBM WebSphere Application Server V6.1, V7.0, V8.0, and V8.5
PROBLEM DESCRIPTION:
If you have installed an interim fix for PM44303 or a fix pack containing PM44303, there is the potential for an authenticated user to gain access to unauthorized resources.
RECOMMENDATION:
None
PROBLEM CONCLUSION:
Code has been changed to resolve this security issue.
APAR PM71296 is currently targeted for inclusion in WebSphere Application Server Fix Packs 6.1.0.45, 7.0.0.25, 8.0.0.5, and 8.5.0.1.
Please refer to URL:
http://www.ibm.com/support/docview.wss?uid=swg27006970
for Fix Pack availability.
Please review the readme.txt for detailed installation instructions.
Readme (US English, size 3920): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/readme.txt
DOWNLOAD PACKAGES:
6.1.0.43-WS-WAS-IFPM71296 (28 Aug 2012, US English, size 41478, platform AIX)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/6.1.0.43-WS-WAS-IFPM71296.pak
7.0.0.21-WS-WAS-MultiOS-IFPM71296 (28 Aug 2012, US English, size 59667, platform AIX)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/7.0.0.21-WS-WAS-MultiOS-IFPM71296.pak
7.0.0.23-WS-WAS-IFPM71296 (28 Aug 2012, US English, size 60083, platform AIX)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/7.0.0.23-WS-WAS-IFPM71296.pak
8.0.0.2-WS-WAS-IFPM71296 (28 Aug 2012, US English, size 296989, platform AIX)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/8.0.0.2-WS-WAS-IFPM71296.zip
8.0.0.3-WS-WAS-IFPM71296 (28 Aug 2012, US English, size 296991, platform AIX)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/8.0.0.3-WS-WAS-IFPM71296.zip
8.0.0.4-WS-WAS-IFPM71296 (28 Aug 2012, US English, size 296980, platform AIX)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/8.0.0.4-WS-WAS-IFPM71296.zip
8.5.0.0-WS-WAS-IFPM71296 (28 Aug 2012, US English, size 300831, platform AIX)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/8.5.0.0-WS-WAS-IFPM71296.zip
++APAR AM71462 for 6.1.0.43 (28 Aug 2012, English, size 451917, platform z/OS)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/AM71462.terse
++APAR BM71296 for 7.0.0.23 (28 Aug 2012, English, size 54352, platform z/OS)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/BM71296.terse
++APAR CM71296 for 7.0.0.21 (28 Aug 2012, English, size 54028, platform z/OS)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM71296/CM71296.terse
Product: WebSphere Application Server
Business Unit: Cloud & Data Platform
Component: Security
Platform: AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Version: 8.5; 8.0.0.4; 8.0.0.3; 8.0.0.2; 7.0.0.23; 7.0.0.21; 6.1.0.43
Edition: Base; Express; Network Deployment
Line of Business: Automation