Download
Abstract
Potential security vulnerability
Download Description
PM86780 resolves the following problem:
ERROR DESCRIPTION:
Potential security vulnerability
LOCAL FIX:
PROBLEM SUMMARY:
Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. To exploit this vulnerability, an attacker needs to discover an unprotected server program. The attacker then needs to exploit another unprotected server program to execute the file and gain access to the system. OpenJPA usage by itself does not introduce the vulnerability. The OpenJPA code ships with WebSphere Application Server, but WebSphere Application Server is NOT vulnerable to this issue.
PROBLEM CONCLUSION:
The code has been updated to resolve this issue.
For more information please refer to this security bulletin:
http://www-01.ibm.com/support/docview.wss?&uid=swg21635999
Prerequisites
NONE
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Readme (US English, 4865 B): https://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM86780/7.0.0.27/readme.txt
Download 7.0.0.25-WS-WAS-IFPM86780 (platform: AIX, language: US English, date: 06-11-2013, size: 6640760): http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.25-WS-WAS-IFPM86780&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
Download 8.0.0.4-WS-WAS-IFPM86780 (platform: AIX, language: US English, date: 11 Jun 2013, size: 8511608): http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.4-WS-WAS-IFPM86780&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch
Download 8.5.0.1-WS-WAS-IFPM86780 (platform: AIX, language: US English, date: 11 Jun 2013, size: 7052083): http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.1-WS-WAS-IFPM86780&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch
Technical Support
Contact IBM Support (https://www.ibm.com/mysupport/), visit the WebSphere Application Server support web site (https://www.ibm.com/mysupport/s/topic/0TO500000001DQQGA2/websphere-application-server?productId=01t50000004uSkiAAE), or contact 1-800-IBM-SERV (U.S. only).
Product: WebSphere Application Server (SSEQTP)
Business Unit: Cloud & Data Platform
Component: Java Persistence API (JPA)
Platform: AIX, HP-UX, IBM i, Linux, iOS, Solaris, Windows, z/OS
Version: 8.5.0.2, 8.5.0.1, 8.0.0.6, 8.0.0.5, 8.0.0.4, 7.0.0.27, 7.0.0.25
Edition: Base, Express, Network Deployment
Line of Business: Automation
Problems (APARS) fixed
Document Information
Modified date:
22 October 2021
UID
swg24035168