IBM Support

PM74909; Federated Repository susceptible to a DoS attack

Download


Abstract

Federated Repository with an underlying security realm of Windows local OS could be susceptible to a DoS attack.

Download Description

PM74909 resolves the following problem:

ERROR DESCRIPTION:
Potential Denial of Service with Federated Repository on Windows

LOCAL FIX:
fix

PROBLEM SUMMARY

USERS AFFECTED:
All users of IBM WebSphere Application Server 6.1, 7.0, 8.0 and 8.5.

PROBLEM DESCRIPTION:
Federated Repository with an underlying security realm of Windows local operating system could be susceptible to a DoS attack.

RECOMMENDATION:
None

When WebSphere Application Server is configured to use the Federated Repository and the UserRegistry realm is the Windows local OS, there is an exposure for a Denial of Service attack.

Note that this is not an issue when using Active Directory. It is only an issue with Federated Repository with a Windows "local OS" realm.


The fix for this APAR is currently targeted for inclusion in fix packs 6.1.0.47, 7.0.0.29, 8.0.0.6, and 8.5.0.2. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?uid=swg27004980

Prerequisites

None

Installation Instructions

Please review the readme.txt in the download file for detailed installation instructions.

Download packages (all for the Windows platform, language US English):

8.0.0.0-WS-WAS-WinX32-IFPM74909 (28 Mar 2013, size 211477)
http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.0-WS-WAS-WinX32-IFPM74909&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch

8.0.0.0-WS-WAS-WinX3264-IFPM74909 (28 Mar 2013, size 211537)
http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.0-WS-WAS-WinX3264-IFPM74909&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch

8.0.0.0-WS-WAS-WinX64-IFPM74909 (28 Mar 2013, size 214878)
http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.0-WS-WAS-WinX64-IFPM74909&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch

8.5.0.0-WS-WAS-WinX32-IFPM74909 (07 Apr 2013, size 214870)
http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.0-WS-WAS-WinX32-IFPM74909&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch

8.5.0.0-WS-WAS-WinX64-IFPM74909 (07 Apr 2013, size 214880)
http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.0-WS-WAS-WinX64-IFPM74909&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch

8.5.0.0-WS-WAS-WinX3264-IFPM74909 (07 Apr 2013, size 214890)
http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.0-WS-WAS-WinX3264-IFPM74909&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch

7.0.0.13-WS-WAS-WinX64-IFPM74909 (07 Apr 2013, size 14987)
http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.13-WS-WAS-WinX64-IFPM74909&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PM74909/7.0.0.27/7.0.0.13-WS-WAS-WinX64-IFPM74909.pak

6.1.0.33-WS-WAS-WinX32-IFPM74909 (07 Apr 2013, size 11479)
http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.33-WS-WAS-WinX32-IFPM74909&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PM74909/6.1.0.45/6.1.0.33-WS-WAS-WinX32-IFPM74909.pak

6.1.0.33-WS-WAS-WinX64-IFPM74909 (07 Apr 2013, size 14887)
http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.33-WS-WAS-WinX64-IFPM74909&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PM74909/6.1.0.45/6.1.0.33-WS-WAS-WinX64-IFPM74909.pak

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Document Information

Modified date:
15 June 2018

UID

swg24034722