IBM Support

PI33012;8.0.0,8.5.0.0,8.5.5.0: Cross-site scripting in Administrative console

Download
Abstract

Interim fix for cross-site scripting issue in dojo in the administrative console

Download Description

PI33012 resolves the following problem:

ERROR DESCRIPTION:
IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

LOCAL FIX:

PROBLEM SUMMARY:
IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

PROBLEM CONCLUSION:
Apply the interim fix or fixpack containing this APAR.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme files:
- Readme (8.0.0.9, US English, 2218 bytes): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI33012/8.0.0.9/readme.txt
- Readme 8.5 (8.5.5.4, English, 2218 bytes): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI33012/8.5.5.4/readme.txt
- Readme 8.5.5.5 (8.5.5.5, English, 2218 bytes): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI33012/8.5.5.5/readme.txt

Fix downloads (Fix Central):
- 8.0.0.0-WS-WASProd-IFPI33012 (03-13-2015, US English, AIX, 6382814 bytes): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.0-WS-WASProd-IFPI33012&productid=WebSphere Application Server&brandid=5
- 8.5.0.0-WS-WASProd-IFPI33012 (27 Mar 2015, English, Windows, 6375903 bytes): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.0.0-WS-WASProd-IFPI33012&productid=WebSphere Application Server&brandid=5
- 8.5.5.0-WS-WASProd-IFPI33012 (27 Mar 2015, English, AIX, 6378714 bytes): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.0-WS-WASProd-IFPI33012&productid=WebSphere Application Server&brandid=5
- 8.5.5.5-WS-WASProd-IFPI33012.zip (2 Apr 2015, English, AIX, 6373691 bytes): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.5-WS-WASProd-IFPI33012&productid=WebSphere Application Server&brandid=5
- 8.0.0.10-WS-WASProd-IFPI33012 (14 Jul 2015, English, AIX, 638281 bytes): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.10-WS-WASProd-IFPI33012&productid=WebSphere Application Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Applies to:
- Product: WebSphere Application Server (SSEQTP)
- Business Unit: Cloud & Data Platform (BU053)
- Component: Administrative Console (all non-scripting)
- Platforms: AIX (PF002), HP-UX (PF010), IBM i (PF012), Linux (PF016), Solaris (PF027), Windows (PF033), z/OS (PF035)
- Versions: 8.5.5.5; 8.5.5.4; 8.5.5.3; 8.5.5.2; 8.5.5.1; 8.5.5; 8.5.0.2; 8.5.0.1; 8.5; 8.0.0.9; 8.0.0.8; 8.0.0.7; 8.0.0.6; 8.0.0.5; 8.0.0.4; 8.0.0.3; 8.0.0.2; 8.0.0.1; 8.0
- Editions: Base; Express; Network Deployment
- Line of Business: Automation (LOB45)

Document Information

Modified date:
15 June 2018

UID

swg24039593