JR42861 Security vulnerabilities in Information Server Web Console

This change addresses the following security vulnerabilities in the Information Server Web Console:

- Cross-Site Request Forgery
- Cross-Site Scripting
- Link Injection (facilitates Cross-Site Request Forgery)
- Phishing Through Frames

To address the "Session Identifier Not Updated" issues reported by security scanning tools for URLs such as the following:

http://host:port/ibm/iis/console/j_security_check
http://host:port/ibm/iis/console/common/main.jsp
http://host:port/ibm/iis/console/common/launchHelp.jsp
http://host:port/ibm/iis/console/common/primaryTabs.jsp
http://host:port/reporting/main/RecentReportLayout.jsp

you must enable security integration in the WebSphere session management settings. Once it is enabled, the issue reported by the security scanning tool for these URLs can be ignored.

To enable security integration:

- log in to the WebSphere Integrated Solutions Console (administrative console)
- click Security > Global security
- expand Web and SIP security and select General settings
- select the "Authenticate only when the URI is protected" radio button
- check "Use available authentication data when an unprotected URI is accessed"
- click Apply
- click Servers > Server Types > WebSphere application servers
- click the server_name (for a clustered configuration, repeat the following steps for each application server in the cluster)
- click Session management
- check Security integration
- click Apply
- save the changes and restart the application server (for a clustered configuration, you must update and save this setting for every application server in the cluster and then restart the cluster)

The setting takes effect only after the restart.

For further details see http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.nd.multiplatform.doc%2Finfo%2Fae%2Fae%2Fuprs_rsession_manager.html
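The per-server part of the procedure above (Session management > Security integration) has to be repeated on every cluster member, which is error-prone by hand. The following wsadmin (Jython) script is an added example written for this page; it is not part of the APAR or of Information Server. It walks every application server in the cell, sets the session manager's enableSecurityIntegration attribute, and saves the configuration. The global-security step ("Authenticate only when the URI is protected" plus "Use available authentication data when an unprotected URI is accessed") is still done in the console as described; the script file name and the wsadmin invocation in the comment are assumptions.

```jython
# Added example, not part of APAR JR42861: enable session-manager Security
# Integration on every application server in the cell with wsadmin.
# Assumed invocation (file name is hypothetical):
#   wsadmin.sh -lang jython -f enableSecurityIntegration.py

def listApplicationServers():
    """Config ids of all application servers; node agents, the deployment
    manager and web servers are skipped by their serverType."""
    servers = []
    for server in AdminConfig.list('Server').splitlines():
        if AdminConfig.showAttribute(server, 'serverType') == 'APPLICATION_SERVER':
            servers.append(server)
    return servers

def enableSecurityIntegration(server):
    """Set enableSecurityIntegration=true on the server's SessionManager
    (the same attribute the console's Security integration checkbox writes).
    Returns 1 if the value was changed, 0 if it was already true."""
    managers = AdminConfig.list('SessionManager', server).splitlines()
    if not managers:
        raise Exception('no SessionManager configured under ' + server)
    sm = managers[0]
    if AdminConfig.showAttribute(sm, 'enableSecurityIntegration') == 'true':
        return 0
    AdminConfig.modify(sm, [['enableSecurityIntegration', 'true']])
    return 1

changed = []
for server in listApplicationServers():
    name = AdminConfig.showAttribute(server, 'name')
    if enableSecurityIntegration(server):
        changed.append(name)

if changed:
    AdminConfig.save()
    print 'Security integration enabled on: ' + ', '.join(changed)
    print 'Synchronize the nodes and restart these servers (or the cluster) for the change to take effect.'
else:
    print 'Security integration was already enabled on every application server; nothing saved.'
```

Run it against the deployment manager in a clustered configuration so that the change lands in the master repository for every member; the servers still need the restart called for above before the setting is live.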
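Before deciding to ignore the scanner finding, it is worth reproducing what the scanner measures: whether the JSESSIONID issued before the POST to j_security_check is still the one in use after authentication. The Python below is an added example written for this page, not code from the APAR or from IBM. It parses WebSphere-style session cookies (4-character cache id, session id, optional ':cloneId' suffixes) and reports a rotation only when the session id proper changes, so a cluster member merely appending a clone id is not mistaken for a new session. The console URL layout is taken from the APAR text; the j_username/j_password form field names, the base URL and the credentials are assumptions, and the cookie values in the sample data are constructed.

```python
"""Added example (not part of APAR JR42861 or of Information Server): decide
whether a login through j_security_check handed out a fresh JSESSIONID, the
condition scanners report as "Session Identifier Not Updated".
Cookie values in the sample data below are constructed, not captured."""
import http.cookiejar
import urllib.parse
import urllib.request


def parse_jsessionid(set_cookie_headers):
    """Return the JSESSIONID value from a list of Set-Cookie header values, or None."""
    for header in set_cookie_headers:
        name, _, rest = header.partition("=")
        if name.strip().upper() == "JSESSIONID":
            return rest.split(";", 1)[0].strip()
    return None


def split_websphere_session_id(value):
    """WebSphere JSESSIONID layout: a 4-character cache id, the session id,
    then ':cloneId' for each cluster member that served it (none if unclustered).
    Returns (cache_id, session_id, [clone_ids])."""
    body, _, clones = value.partition(":")
    return body[:4], body[4:], clones.split(":") if clones else []


def session_rotated(before, after):
    """True only if the session id proper changed. A cookie that differs just
    in cache id or clone suffix still names the same server-side session."""
    if not before or not after:
        return False
    return split_websphere_session_id(before)[1] != split_websphere_session_id(after)[1]


def classify(before, after):
    """Verdict string in the scanner's terms."""
    if before is None:
        return "no session before login (nothing to carry over)"
    if after is None:
        return "no session cookie after login"
    return "rotated" if session_rotated(before, after) else "SESSION ID NOT UPDATED"


def jsessionid_from_jar(jar):
    for cookie in jar:
        if cookie.name.upper() == "JSESSIONID":
            return cookie.value
    return None


def check_login_rotation(base_url, username, password):
    """Live check (assumed base URL and credentials; j_username/j_password are
    the standard form-login field names and assumed to apply here).
    Returns (before, after, verdict)."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    opener.open(base_url + "/ibm/iis/console/").read()        # unauthenticated visit
    before = jsessionid_from_jar(jar)
    form = urllib.parse.urlencode({"j_username": username, "j_password": password}).encode()
    opener.open(base_url + "/ibm/iis/console/j_security_check", form).read()
    after = jsessionid_from_jar(jar)
    return before, after, classify(before, after)


# Constructed sample headers, as a scanner would record them before and after login.
SAMPLE_BEFORE = ["JSESSIONID=0000Ab12Cd34Ef56:1a2b3c4d; Path=/; HttpOnly"]
SAMPLE_AFTER_SAME = ["JSESSIONID=0000Ab12Cd34Ef56:1a2b3c4d; Path=/; HttpOnly"]
SAMPLE_AFTER_NEW = ["JSESSIONID=0000Zz98Yy76Xx54:1a2b3c4d; Path=/; HttpOnly"]

if __name__ == "__main__":
    before = parse_jsessionid(SAMPLE_BEFORE)
    print(classify(before, parse_jsessionid(SAMPLE_AFTER_SAME)))
    print(classify(before, parse_jsessionid(SAMPLE_AFTER_NEW)))
    # Against a real console (hypothetical values):
    # print(check_login_rotation("https://host:port", "isadmin", "secret"))
```

Run the live check once before and once after enabling security integration and restarting; the two verdicts, rather than the scanner's report alone, are what you should record when closing the finding.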