IBM Support

PI63929: Potential open redirect security vulnerability in WebSphere Application Server Liberty

Download


Abstract

Potential open redirect security vulnerability in WebSphere Application Server Liberty CVE-2016-3040

Download Description

PI63929 resolves the following problem:

ERROR DESCRIPTION:
Potential open redirect vulnerability in WebSphere Application
Server Liberty
CVEID: CVE-2016-3040
DESCRIPTION: IBM WebSphere Application Server Liberty could
allow a remote attacker to conduct phishing attacks, caused by
an open redirect vulnerability. An attacker could exploit this
vulnerability to redirect a victim to arbitrary Web sites.
CVSS Base Score: 6.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/114636 for
the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N)

LOCAL FIX:
N/A

PROBLEM SUMMARY:
Potential open redirect security vulnerability in WebSphere Application Server Liberty CVE-2016-3040

PROBLEM CONCLUSION:
The potential security vulnerability was resolved.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

V16.0.0.2. Readme (US English, size 2957): ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI63929/16.0.0.2/readme.txt
V8.5.5.x Readme (US English, size 3033): ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI63929/8.5.5.9/readme.txt
16.0.0.2-WS-WLP-IFPI63929
Date: 16-8-23; Language: US English; Size: 1312581; Platform: AIX
URL: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Liberty&release=All&platform=All&function=fixId&fixids=16.0.0.2-WS-WLP-IFPI63929&includeSupersedes=0

16002-wlp-archive-IFPI63929
Date: 16-9-20; Language: US English; Size: 1241537; Platform: AIX
URL: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Liberty&release=All&platform=All&function=fixId&fixids=16002-wlp-archive-IFPI63929&includeSupersedes=0

8.5.5.8-WS-WLP-IFPI63929
Date: 08-23-2016; Language: US English; Size: 607291; Platform: AIX
URL: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.8-WS-WLP-IFPI63929&productid=WebSphere Application Server&brandid=5

8.5.5.9-WS-WLP-IFPI63929
Date: 08-23-2016; Language: US English; Size: 495994; Platform: AIX
URL: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.9-WS-WLP-IFPI63929&productid=WebSphere Application Server&brandid=5

8558-wlp-archive-IFPI63929
Date: 20 Sep 2016; Language: US English; Size: 3217292; Platform: AIX
URL: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8558-wlp-archive-IFPI63929&productid=WebSphere Application Server&brandid=5

8559-wlp-archive-IFPI63929
Date: 20 Sep 2016; Language: US English; Size: 3180774; Platform: AIX
URL: http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8559-wlp-archive-IFPI63929&productid=WebSphere Application Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Edition: Liberty
Version: 16.0.0.2;8.5.5.8;8.5.5.9
Component: General
Platform: AIX, HP-UX, IBM i, Inspur K-UX, Linux, OS X, Solaris, Windows, iOS, z/OS
Business Unit: Cloud & Data Platform
Line of Business: Automation

Document Information

Modified date:
15 June 2018

UID

swg24042664