IBM Support

PM71296; 8.0.0.4: An authenticated user may gain access to unauthorized resource

Downloadable files


Abstract

If you have installed an interim fix for PM44303 or a fix pack containing PM44303, there is the potential for an authenticated user to gain access to unauthorized resources.

Download Description

PM71296 resolves the following problem:

ERROR DESCRIPTION:
If you have installed an interim fix for PM44303 or a fix pack containing PM44303, there is the potential for an authenticated user to gain access to unauthorized resources.

LOCAL FIX:
None

PROBLEM SUMMARY

USERS AFFECTED:
All users of IBM WebSphere Application Server V6.1, V7.0, V8.0, and V8.5

PROBLEM DESCRIPTION:
If you have installed an interim fix for PM44303 or a fix pack containing PM44303, there is the potential for an authenticated user to gain access to unauthorized resources.

RECOMMENDATION:
None

PROBLEM CONCLUSION:
Code has been changed to resolve this security issue.

APAR PM71296 is currently targeted for inclusion in WebSphere Application Server Fix Packs 6.1.0.45, 7.0.0.25, 8.0.0.5, and 8.5.0.1.

Please refer to URL:
http://www.ibm.com/support/docview.wss?uid=swg27006970
for Fix Pack availability.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL LANGUAGE SIZE(Bytes)
Readme US English 3920

Download package

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is Fix Central(FC)?
What is DD?
6.1.0.43-WS-WAS-IFPM71296 28 Aug 2012 US English 41478 FC FTP DD
7.0.0.21-WS-WAS-MultiOS-IFPM71296 28 Aug 2012 US English 59667 FC FTP DD
7.0.0.23-WS-WAS-IFPM71296 28 Aug 2012 US English 60083 FC FTP DD
8.0.0.2-WS-WAS-IFPM71296 28 Aug 2012 US English 296989 FC FTP DD
8.0.0.3-WS-WAS-IFPM71296 28 Aug 2012 US English 296991 FC FTP DD
8.0.0.4-WS-WAS-IFPM71296 28 Aug 2012 US English 296980 FC FTP DD
8.5.0.0-WS-WAS-IFPM71296 28 Aug 2012 US English 300831 FC FTP DD
++APAR AM71462 for 6.1.0.43 28 Aug 2012 English 451917 FC FTP DD
++APAR BM71296 for 7.0.0.23 28 Aug 2012 English 54352 FC FTP DD
++APAR CM71296 for 7.0.0.21 28 Aug 2012 English 54028 FC FTP DD

Technical support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Problems (APARS) fixed
PM44303, PM71296

Document information

More support for: WebSphere Application Server
Security

Software version: 6.1.0.43, 7.0.0.21, 7.0.0.23, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.5

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Software edition: Base, Express, Network Deployment

Reference #: 4033359

Modified date: 29 August 2012


Translate this page: