IBM Support

IV97281: MALICIOUS FILE UPLOADS POSSIBLE BY BYPASSING JAVASCRIPT VALIDATION AFTER PROPERTIES ARE SET TO RESTRICT EXE FILE

APAR status

  • Closed as fixed if next.

Error description

  • Malicious file uploads are possible by bypassing JavaScript
    validation even after the appropriate properties are set to
    restrict exe files.
    

Local fix

Problem summary

  • Need to resolve an issue where malicious files can be uploaded
    via Document Upload, bypassing the client-side validation.
    

Problem conclusion

  • Resolved an issue where malicious files can be uploaded via
    Document Upload, bypassing the client-side validation.
    This is targeted to the 1h2017 Release as well as the 3.5.2.3
    fix pack.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV97281

  • Reported component name

    TRI APP PLTFM R

  • Reported component ID

    5725F26RE

  • Reported release

    352

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-06-16

  • Closed date

    2017-06-26

  • Last modified date

    2017-06-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • 999
    

Fix information

Applicable component levels



Document information

More support for: IBM TRIRIGA Application Platform
IBM TRIRIGA Application Platform Runtime Engine

Software version: 352

Reference #: IV97281

Modified date: 26 June 2017