IBM Support

PI23055;8.5.5: Potential XSS and CSRF (CVE-2014-4770 and CVE-2014-4816)

Downloadable files


Abstract

There is a potential cross-site scripting (XSS) vulnerability and a potential cross-site request forgery (CSRF) vulnerability in the administrative console of WebSphere Application Server.

Download Description

PI23055 resolves the following problem:

ERROR DESCRIPTION:
Potential security exposure in WebSphere Application Server

LOCAL FIX:

PROBLEM SUMMARY:
IBM WebSphere Application Server may be vulnerable to cross-site scripting or cross-site request forgery in the Admin Console.

PROBLEM CONCLUSION:
The code has been updated to resolve this issue.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL      LANGUAGE     SIZE(Bytes)
Readme   US English   2223

Download package

Download                       RELEASE DATE   LANGUAGE     SIZE(Bytes)   Download Options
8.5.5.0-WS-WASBase-IFPI23055   09-16-2014     US English   341809        HTTP
8.5.5.0-WS-WASND-IFPI23055     09-16-2014     US English   394377        HTTP
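After installing one of the packages above, a practitioner will want to confirm that the interim fix is actually present on each server profile before closing out the CVEs. The following POSIX sh script is an added example and is not IBM's code or part of the readme; it parses the output of WebSphere's versionInfo.sh -ifixes tool and reports whether an interim fix for PI23055 is installed for the detected edition. The install path under WAS_HOME, the exact block layout of the versionInfo output ("Installed Product" / "Installed Interim Fix" sections with a "Name" field), and the product IDs BASE and ND are assumptions made for the example; the two sample outputs are constructed for illustration and are not captured from a real server.

```shell
#!/bin/sh
# Added example (not IBM's code): decide whether interim fix PI23055 is installed
# by parsing the output of WebSphere's "versionInfo.sh -ifixes".
#
# Assumptions (not stated on the fix page):
#   - WAS_HOME is the WebSphere install root, e.g. /opt/IBM/WebSphere/AppServer.
#   - versionInfo prints an "Installed Product" block with an "ID" field (BASE or ND)
#     and one "Installed Interim Fix" block per iFix whose "Name" field is the fix ID.
#     The layout below is constructed for illustration; check it against your output.

# Constructed sample: an ND 8.5.5.3 install with the ND package from this page applied.
SAMPLE_ND_FIXED='Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server Network Deployment
Version               8.5.5.3
ID                    ND

Installed Interim Fix
--------------------------------------------------------------------------------
Name                  8.5.5.0-WS-WASND-IFPI23055'

# Constructed sample: a Base 8.5.5.2 install with no interim fixes at all.
SAMPLE_BASE_UNFIXED='Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server
Version               8.5.5.2
ID                    BASE'

# pi23055_status TEXT
#   TEXT is the output of "versionInfo.sh -ifixes".
#   Prints "<edition> present <fix-name>" and exits 0 when an interim fix whose
#   name ends in -IFPI23055 is listed; otherwise prints "<edition> missing" and
#   exits 1. The edition is taken from the first ID field of the product block.
pi23055_status() {
    printf '%s\n' "$1" | awk '
        /^Installed Product/     { section = "product"; next }
        /^Installed Interim Fix/ { section = "ifix"; next }
        /^Installed /            { section = "" }          # any other section header
        section == "product" && $1 == "ID" && edition == "" { edition = $2 }
        section == "ifix" && $1 == "Name" && $2 ~ /-IFPI23055$/ { fix = $2 }
        END {
            if (edition == "") edition = "UNKNOWN"
            if (fix == "") { print edition, "missing"; exit 1 }
            print edition, "present", fix
            exit 0
        }'
}

# check_live: run the real tool from the assumed WAS_HOME and classify its output.
# Not exercised by the constructed samples; run it on the server itself.
check_live() {
    pi23055_status "$("${WAS_HOME:-/opt/IBM/WebSphere/AppServer}/bin/versionInfo.sh" -ifixes)"
}

# Stand-alone demonstration on the constructed samples.
pi23055_status "$SAMPLE_ND_FIXED"
pi23055_status "$SAMPLE_BASE_UNFIXED" || echo "PI23055 fix not found: apply the Base package"
```

Run check_live on every node of a Network Deployment cell, not only the deployment manager: the fix has to be present on each installation that hosts an administrative console, and an edition mismatch (the WASBase package on an ND install, or vice versa) should be treated as missing.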

Technical support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Problems (APARS) fixed
PI05089, PI07808, PI13887, PI17532, PI19624, PI23055

Document information

More support for: WebSphere Application Server
Administrative Console (all non-scripting)

Software version: 6.1.0.47, 8.5.5, 8.5.5.1, 8.5.5.2, 8.5.5.3

Operating system(s): AIX, HP-UX, IBM i, Inspur K-UX, Linux, Solaris, Windows, iOS, z/OS

Software edition: Advanced, Base, Developer, Enterprise, Network Deployment, Single Server

Reference #: 4038403

Modified date: 18 September 2014