IBM Support

PI34238;1.1.0: interim fix for Dojo vulnerability

Download


Abstract

Interim fix for Dojo vulnerability

Download Description

PI34238 resolves the following problem:


ERROR DESCRIPTION:
Interim fix for Dojo vulnerability

LOCAL FIX:
If the following dojox files are present in your application, but not used in your application,
remove them from your application and then redeploy and restart your application. If you are using a Dojo custom build that contains these files, you will need to redo your custom build and verify the files below are not included in the custom build. If you are using a web server to server Dojo content statically, then you will also need to remove the files the web server as well.

dojox/av/resources/audio.swf
dojox/av/resources/video.swf
dojox/form/resources/fileuploader.swf
dojox/form/resources/uploader.swf
dojox/embed/Flash

Please note dojo development trees containing the full dojo, dijit, and dojox trees often get deployed. In these cases the above files are present ,but not used by the application and should be removed.


PROBLEM SUMMARY:

Interim fix for Dojo vulnerability



PROBLEM CONCLUSION:
Apply interim fix.

Reminder: After installing this fix, all instances where Dojo is used must be updated. Any installed J2EE application will need to be updated with installed ifix content, redeployed, and restarted. Static content served through a web server will need to be updated. Any Dojo custom build that pulls in these dojox files will need to be redone using the fixed Web 2.0 and Mobile source Dojo source tree.

Prerequisites

None

On
[{"DNLabel":"1.0.1.1-WS-WASWeb20-IFPI34238","DNDate":"14 Mar 2015","DNLang":"US English","DNSize":"38679","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=1.0.1.1-WS-WASWeb20-IFPI34238&productid=WebSphere%20Application%20Server%20Feature%20Pack%20for%20Web%202.0&brandid=5","DNURL_FTP":" ","DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site (http://www.ibm.com/software/webservers/appserv/was/support), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSR2SE","label":"WebSphere Application Server Feature Pack for Web 2.0"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"1.0.1.1","Edition":"Edition Independent","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24039560