PI58003:Cross-site scripting vulnerability in the OpenID Connect client web application

Download

Abstract

Cross-site scripting vulnerability in the OpenID Connect client web application for the WebSphere Application Server Liberty Profile

Download Description

PI58003 resolves the following problem:

ERROR DESCRIPTION:
There is a cross-site scripting vulnerability in the OpenID Connect client web application.

PROBLEM SUMMARY:
There is a cross-site scripting vulnerability in the OpenID Connect client web application.

PROBLEM CONCLUSION:
The cross-site scripting vulnerability is fixed.

THE FOLLOWING FIXES ARE PROVIDED:

8.5.5.6-WS-WLP-IFPI58003.pak applies to fixpack 8.5.5.6 only. Use this fix only if you are using the Installation Manager.
8.5.5.7-WS-WLP-IFPI58003.pak applies to fixpack 8.5.5.7 only. Use this fix only if you are using the Installation Manager.
8.5.5.8-WS-WLP-IFPI58003.pak applies to fixpack 8.5.5.8 only. Use this fix only if you are using the Installation Manager.
8556-wlp-archive-IFPI58003.zip applies to the Liberty profile, fixpack 8.5.5.6.
8557-wlp-archive-IFPI58003.zip applies to the Liberty profile, fixpack 8.5.5.7.
8558-wlp-archive-IFPI58003.zip applies to the Liberty profile, fixpack 8.5.5.8.

Keywords: IBMWL3WSS, OIDC, LIBERTY, INTERIMFIX

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"v855 IM Fix Readme","INLang":"US English","INSize":"2247","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI58003/8.5.5.8/readme.txt"},{"INLabel":"v8556 Liberty Profile Archive Fix Readme","INLang":"US English","INSize":"2101","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI58003/8.5.5.6/readme.txt"},{"INLabel":"v8557 Liberty Profile Archive Fix Readme","INLang":"US English","INSize":"2096","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI58003/8.5.5.7/readme.txt"},{"INLabel":"v8558 Liberty Profile Archive Fix Readme","INLang":"US English","INSize":"2103","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI58003/8.5.5.8/readme.txt"}]

          [{"DNLabel":"8.5.5.6-WS-WLP-IFPI58003","DNDate":"03-15-2016","DNLang":"US English","DNSize":"503256","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.6-WS-WLP-IFPI58003&productid=WebSphere%20Application%20Server&brandid=5","DNURL_FTP":null,"DDURL":null},{"DNLabel":"8.5.5.7-WS-WLP-IFPI58003","DNDate":"03-15-2016","DNLang":"US English","DNSize":"505135","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.7-WS-WLP-IFPI58003&productid=WebSphere%20Application%20Server&brandid=5","DNURL_FTP":null,"DDURL":null},{"DNLabel":"8.5.5.8-WS-WLP-IFPI58003","DNDate":"03-15-2016","DNLang":"US English","DNSize":"507634","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.8-WS-WLP-IFPI58003&productid=WebSphere%20Application%20Server&brandid=5","DNURL_FTP":null,"DDURL":null},{"DNLabel":"8556-wlp-archive-IFPI58003","DNDate":"03-15-2016","DNLang":"US English","DNSize":"2110130","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8556-wlp-archive-IFPI58003&productid=WebSphere%20Application%20Server&brandid=5","DNURL_FTP":null,"DDURL":null},{"DNLabel":"8557-wlp-archive-IFPI58003","DNDate":"03-15-2016","DNLang":"US English","DNSize":"2129567","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8557-wlp-archive-IFPI58003&productid=WebSphere%20Application%20Server&brandid=5","DNURL_FTP":null,"DDURL":null},{"DNLabel":"8558-wlp-archive-IFPI58003","DNDate":"03-15-2016","DNLang":"US English","DNSize":"3117844","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8558-wlp-archive-IFPI58003&productid=WebSphere%20Application%20Server&brandid=5","DNURL_FTP":null,"DDURL":null}]
          

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF014","label":"iOS"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"},{"code":"PF013","label":"Inspur K-UX"}],"Version":"8.5.5.6;8.5.5.7;8.5.5.8","Edition":"Liberty","Line of Business":{"code":"LOB45","label":"Automation"}}]

Problems (APARS) fixed
PI57265;PI58003

Was this topic helpful?

Document Information

Modified date:
15 June 2018

UID

swg24041971

Tips