IBM Support

PI34238;1.1.0: Interim fix for Dojo vulnerability

Download


Abstract

Interim fix for Dojo vulnerability

Download Description

PI34238 resolves the following problem:


ERROR DESCRIPTION:
Interim fix for Dojo vulnerability.

LOCAL FIX:
If the following dojox files are present in your application but are not used by it, remove them from your application, and then redeploy and restart your application. If you are using a Dojo custom build that contains these files, you will need to redo your custom build and verify that the files below are not included in it. If you are using a web server to serve Dojo content statically, you will also need to remove the files from the web server.

dojox/av/resources/audio.swf
dojox/av/resources/video.swf
dojox/form/resources/fileuploader.swf
dojox/form/resources/uploader.swf
dojox/embed/Flash

Please note that Dojo development trees containing the full dojo, dijit, and dojox trees often get deployed. In these cases the above files are present, but not used by the application, and should be removed.
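
One way to check a deployment for the files listed above, as an added example that is not part of IBM's fix or readme: a Python script that walks a directory tree and also looks inside WAR/EAR/JAR/ZIP archives, including a WAR nested in an EAR. The function names are hypothetical, and treating "dojox/embed/Flash" as "Flash" plus any file extension is an assumption, since the page lists it without one.

```python
import io
import os
import re
import sys
import zipfile

# File list taken from the LOCAL FIX section above. The page lists
# "dojox/embed/Flash" with no extension; matching "Flash" followed by any
# ".suffix" (for example Flash.js) is an assumption of this example.
FLAGGED = re.compile(
    r"(^|/)dojox/(av/resources/(audio|video)\.swf"
    r"|form/resources/(fileuploader|uploader)\.swf"
    r"|embed/Flash(\.[^/]*)?)$"
)
ARCHIVES = (".war", ".ear", ".jar", ".zip")

def scan_archive(source, label, hits):
    """Check entries of a zip-format archive, recursing into nested archives."""
    try:
        with zipfile.ZipFile(source) as zf:
            for name in zf.namelist():
                where = f"{label}!/{name}"
                if FLAGGED.search(name):
                    hits.append(where)
                elif name.lower().endswith(ARCHIVES):
                    scan_archive(io.BytesIO(zf.read(name)), where, hits)
    except zipfile.BadZipFile:
        print(f"warning: could not read {label}", file=sys.stderr)

def find_flagged(root):
    """Return sorted locations of the listed dojox files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            rel = path.replace(os.sep, "/")
            if FLAGGED.search(rel):
                hits.append(rel)
            elif fname.lower().endswith(ARCHIVES):
                scan_archive(path, rel, hits)
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_flagged(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it against each application install directory, custom build output, and web server document root; an archive reported as unreadable needs a manual check.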



PROBLEM SUMMARY:
Interim fix for Dojo vulnerability

PROBLEM CONCLUSION:
Apply Interim Fix. Two fixes for two different versions of the Feature Pack for Web 2.0 and Mobile are provided below:

1.1.0.4-WS-WAS8Web2Mobile-IFPI34238 - For WebSphere Application Server V8 Feature Pack for Web 2.0 and Mobile 1.1.0.4


1.1.0.4-WS-WASWeb2Mobile-IFPI34238 - For WebSphere Application Server V7 Feature Pack for Web 2.0 and Mobile 1.1.0.4

Reminder: After installing this fix, all instances where Dojo is used must be updated. Any installed J2EE application will need to be updated, redeployed, and restarted. Static content served through a web server will need to be updated. Any Dojo custom build that pulls in these dojox files will need to be redone using the updated Web 2.0 and Mobile Dojo source tree.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme: US English, size 2846

Downloads:

1.1.0.4-WS-WAS8Web2Mobile-IFPI34238 - Date: 03-03-2015, Language: US English, Size: 342324, Platform: AIX
http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=1.1.0.4-WS-WAS8Web2Mobile-IFPI34238&productid=WebSphere Application Server Feature Pack for Web 2.0 and Mobile&brandid=5

1.1.0.4-WS-WASWeb2Mobile-IFPI34238 - Date: 14 Mar 2015, Language: US English, Size: 99912, Platform: AIX
http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=1.1.0.4-WS-WASWeb2Mobile-IFPI34238&productid=WebSphere Application Server Feature Pack for Web 2.0 and Mobile&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site (http://www.ibm.com/software/webservers/appserv/was/support), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server Feature Pack for Web 2.0 and Mobile
Component: General
Version: 1.1.0.4
Edition: Edition Independent
Platform: AIX, HP-UX, Linux, Solaris, Windows, IBM i
Business Unit: Cloud & Data Platform
Line of Business: Automation

Document Information

Modified date:
15 June 2018

UID

swg24039512