Federated Repository with an underlying security realm of Windows local OS could be susceptible to a DoS attack.
PM74909 resolves the following problem:
ERROR DESCRIPTION:
Potential Denial of Service with Federated Repository on Windows
LOCAL FIX:
fix
PROBLEM SUMMARY
USERS AFFECTED:
All users of IBM WebSphere Application Server 6.1, 7.0, 8.0 and 8.5.
PROBLEM DESCRIPTION:
Federated Repository with an underlying security realm of Windows local operating system could be susceptible to a DoS attack.
RECOMMENDATION:
None
When WebSphere Application Server is configured to use the Federated Repository and the UserRegistry realm is the Windows local OS, there is an exposure to a Denial of Service attack.
Note that this is not an issue when using Active Directory. It is only an issue with Federated Repository with a Windows "local OS" realm.
The fix for this APAR is currently targeted for inclusion in fix packs 6.1.0.47, 7.0.0.29, 8.0.0.6, and 8.5.0.2. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?uid=swg27004980
Please review the readme.txt in the download file for detailed installation instructions.
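The following triage check is an added example, not IBM code: it classifies an installation against the fix pack levels named above. The function names, status strings and sample interim fix ID are assumptions made for illustration; the installed version and fix list are supplied by the caller.

```python
# Added example: classify a WebSphere install against APAR PM74909.
# Fix pack levels come from the advisory text; everything else is illustrative.
APAR = "PM74909"

# First fix pack containing the APAR, keyed by V.R.M release stream.
FIXED_IN = {
    (6, 1, 0): 47,
    (7, 0, 0): 29,
    (8, 0, 0): 6,
    (8, 5, 0): 2,
}


def parse_version(text):
    """Turn '7.0.0.27' into (7, 0, 0, 27); short forms like '8.0' are zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError("unexpected version format: %r" % text)
    return tuple(parts + [0] * (4 - len(parts)))


def pm74909_status(version, installed_fixes=(), windows_localos_federated=True):
    """Return one of: not-applicable, unknown-stream, fixed-by-fixpack,
    fixed-by-interim-fix, exposed.

    windows_localos_federated: True only when the server runs on Windows and
    the Federated Repository uses the Windows local OS realm (the one
    affected configuration; Active Directory is not affected).
    """
    if not windows_localos_federated:
        return "not-applicable"
    v = parse_version(version)
    fixed_level = FIXED_IN.get(v[:3])
    if fixed_level is None:
        # The advisory gives no fix level for this stream; do not guess.
        return "unknown-stream"
    # Numeric comparison: as strings, '7.0.0.9' would sort after '7.0.0.29'.
    if v[3] >= fixed_level:
        return "fixed-by-fixpack"
    if any(APAR in fix_id.upper() for fix_id in installed_fixes):
        return "fixed-by-interim-fix"
    return "exposed"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real system.
    sample = [("7.0.0.27", []), ("8.5.0.1", ["8.5.0.0-WS-WAS-WinX64-IFPM74909"])]
    for ver, fixes in sample:
        print(ver, pm74909_status(ver, fixes))
```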