Information Disclosure in Apache MyFaces affects WebSphere Application Server (CVE-2011-4343)
PI87299 resolves the following problem:
ERROR DESCRIPTION:
Information disclosure in Apache MyFaces affects WebSphere Application Server (CVE-2011-4343).
LOCAL FIX:
PROBLEM SUMMARY:
Information disclosure in Apache MyFaces affects WebSphere Application Server (CVE-2011-4343).
PROBLEM CONCLUSION:
The JSF MyFaces 2.0 code was updated to fix this vulnerability.
The fix for this APAR is currently targeted for inclusion in fix pack
8.0.0.15, and 8.5.5.13 for WebSphere Application Server traditional
and 17.0.0.3 for WebSphere Application Server Liberty.
Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Please review the readme.txt for detailed installation instructions.
[{"INLabel":"V85 Readme","INLang":"US English","INSize":"2874","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI87299/8.5.5.12/readme.txt"},{"INLabel":"V80 Readme","INLang":"US English","INSize":"2821","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI87299/8.0.0.13/readme.txt"}]
On
[{"DNLabel":"8.5.5.2 - 8.5.5.12 WAS traditional","DNDate":"23 Oct 2017","DNLang":"US English","DNSize":"311980","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.5.5.2-WS-WAS-IFPI87299&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.9 - 8.0.0.13 WAS traditional","DNDate":"23 Oct 2017","DNLang":"US English","DNSize":"302477","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.0.0.9-WS-WAS-IFPI87299&includeSupersedes=0","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.14 WAS traditional","DNDate":"30 Oct 2017","DNLang":"US English","DNSize":"303008","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=8.0.0.14-WS-WAS-IFPI87299&includeSupersedes=0","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5.9;8.5.5.8;8.5.5.7;8.5.5.6;8.5.5.5;8.5.5.4;8.5.5.3;8.5.5.2;8.5.5.12;8.5.5.11;8.5.5.10;8.0.0.9;8.0.0.13;8.0.0.12;8.0.0.11;8.0.0.10;8.0.0.14","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Problems (APARS) fixed
Problems (APARS) fixed