Download
Abstract
Confidential for Security Integrity ifix
Download Description
PI25310 resolves the following problem:
ERROR DESCRIPTION:
WebSphere Application Server Communications Enabled Applications (CEA) Service could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. This only occurs if CEA is enabled. By default this is disabled.
LOCAL FIX:
PROBLEM SUMMARY:
Confidential for Security Integrity ifix.
PROBLEM CONCLUSION:
Confidential for Security Integrity ifix.
Prerequisites
None
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24038968