IBM Support

PI56811: CVE-2015-0254 for IBM WebSphere Application Server

Download


Abstract

Potential security vulnerability in IBM WebSphere Application Server (CVE-2015-0254)

Download Description

PI56811 resolves the following problem:

ERROR DESCRIPTION:
Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system.

PROBLEM CONCLUSION:
Updated the code to fix the vulnerability.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

V85 Readme (US English, size 2862): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI56811/8.5.5.9/readme.txt
V80 Readme (US English, size 2852): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI56811/8.0.0.12/readme.txt
V70 Readme (US English, size 5622): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI56811/7.0.0.41/readme.txt
V61 Readme (US English, size 7117): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI56811/6.1.0.47/readme.txt
V85 Liberty Readme (US English, size 2771): ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI56811/8.5.5.9/readme.txt
V85 Liberty IM Readme (US English, size 2632): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI56811/8.5.5.9/readme_Liberty_IM.txt
8.5.0.0-WS-WAS-IFPI56811 (06-02-2016, US English, size 277868, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.0.0-WS-WAS-IFPI56811&productid=WebSphere Application Server&brandid=5
8.0.0.0-WS-WAS-IFPI56811 (06-02-2016, US English, size 275265, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.0-WS-WAS-IFPI56811&productid=WebSphere Application Server&brandid=5
7.0.0.0-WS-WAS-IFPI56811 (06-02-2016, US English, size 20535, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.0-WS-WAS-IFPI56811&productid=WebSphere Application Server&brandid=5
7.0.0.11-WS-WAS-IFPI56811 (06-02-2016, US English, size 224211, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.11-WS-WAS-IFPI56811&productid=WebSphere Application Server&brandid=5
6.1.0.0-WS-WAS-IFPI56811 (06-02-2016, US English, size 19276, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=6.1.0.0-WS-WAS-IFPI56811&productid=WebSphere Application Server&brandid=5
8558-wlp-archive-IFPI56811 (06-02-2016, US English, size 5514314, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8558-wlp-archive-IFPI56811&productid=WebSphere Application Server&brandid=5
8559-wlp-archive-IFPI56811 (06-02-2016, US English, size 5591004, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8559-wlp-archive-IFPI56811&productid=WebSphere Application Server&brandid=5
8.5.5.8-WS-WLP-IFPI56811 (14 Jul 2016, US English, size 2904634, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.8-WS-WLP-IFPI56811&productid=WebSphere%20Application%20Server&brandid=5
8.5.5.9-WS-WLP-IFPI56811 (14 Jul 2016, US English, size 2907871, AIX): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.9-WS-WLP-IFPI56811&productid=WebSphere%20Application%20Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server (SSEQTP)
Business Unit: Cloud & Data Platform (BU053)
Component: General
Platform: AIX; HP-UX; IBM i; Inspur K-UX; Linux; Solaris; Windows; z/OS
Version: 6.1;6.1.0.1;6.1.0.11;6.1.0.13;6.1.0.14;6.1.0.15;6.1.0.17;6.1.0.19;6.1.0.2;6.1.0.21;6.1.0.23;6.1.0.25;6.1.0.27;6.1.0.29;6.1.0.3;6.1.0.31;6.1.0.33;6.1.0.35;6.1.0.37;6.1.0.39;6.1.0.41;6.1.0.43;6.1.0.45;6.1.0.47;6.1.0.5;6.1.0.7;6.1.0.9;7.0;7.0.0.1;7.0.0.11;7.0.0.13;7.0.0.15;7.0.0.17;7.0.0.19;7.0.0.21;7.0.0.23;7.0.0.25;7.0.0.27;7.0.0.29;7.0.0.3;7.0.0.31;7.0.0.33;7.0.0.35;7.0.0.37;7.0.0.39;7.0.0.41;7.0.0.5;7.0.0.7;7.0.0.9;8.0;8.0.0.1;8.0.0.10;8.0.0.11;8.0.0.12;8.0.0.2;8.0.0.3;8.0.0.4;8.0.0.5;8.0.0.6;8.0.0.7;8.0.0.8;8.0.0.9;8.5;8.5.0.1;8.5.0.2;8.5.5;8.5.5.1;8.5.5.2;8.5.5.3;8.5.5.4;8.5.5.5;8.5.5.6;8.5.5.7;8.5.5.8;8.5.5.9
Edition: Advanced;Base;Developer;Enterprise;Express;Feature Pack for CEA;Feature Pack for EJB 3.0;Feature Pack for Modern Batch;Feature Pack for OSGi Applications and Java Persistence API 2.0;Feature Pack for SCA;Feature Pack for Web 2.0;Feature Pack for Web Services;Feature Pack for XML;Liberty;Network Deployment;Single Server;WebSphere Business Integration Server Foundation
Line of Business: Automation (LOB45)

Document Information

Modified date:
15 June 2018

UID

swg24042357