Abstract
Possible buffer overflow security exposure in IBM
WebSphere Application Server V5.0.2. If security is enabled and local OS
is configured as the user registry on Windows NT® and UNIX® Local OS, a
Unicode buffer can overflow and cause IBM® WebSphere® Application Server
to fail.
Content
A possible security exposure has been identified in IBM
WebSphere Application Server for all releases of WebSphere Application
Server Base, Network Deployment, and Express Version 5.0, 5.0.1 and 5.0.2.
It applies only to users who have enabled security and configured local
OS as the user registry on Windows® NT and UNIX Local OS. A Unicode
buffer overflow is possible under these conditions.
Versions Affected
The WebSphere Application Server code was updated to resolve the issue:
| Versions affected | Version in which the problem is fixed | Interim or Cumulative Fix |
| --- | --- | --- |
| V5.0 through V5.0.1 | V5.0.2.11 | Must apply Fix Pack 2 (5.0.2), or later, then Cumulative Fix 11 (5.0.2.11), or later - OR - Must apply Fix Pack 2 (5.0.2), or later, then Cumulative Fix 5 (5.0.2.5), or later, then apply Interim Fix APAR PK02002 (if you do not wish to upgrade to Cumulative Fix 11 (5.0.2.11) at this time) |
| V5.0.2 through V5.0.2.4 | V5.0.2.11 | Must apply Cumulative Fix 11 (5.0.2.11), or later - OR - Must apply Cumulative Fix 5 (5.0.2.5), or later, then apply Interim Fix APAR PK02002 |
| V5.0.2.5 through V5.0.2.10 | V5.0.2.11 | Must apply Cumulative Fix 11, or later - OR - Must apply Interim Fix APAR PK02002 |
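
The fix matrix above can be applied mechanically across a server inventory. The following is an added example, not IBM code; the record fields (`version`, `security_enabled`, `user_registry`, `interim_fixes`), the `LocalOS` registry value and the sample hosts are constructed for illustration. Versions are compared as integer tuples because plain string comparison would sort 5.0.2.10 before 5.0.2.5.

```python
# Added example, not IBM code. Record field names and sample hosts are constructed.
FIXED = (5, 0, 2, 11)      # Cumulative Fix 11: level at which the problem is fixed
IFIX_BASE = (5, 0, 2, 5)   # Cumulative Fix 5: minimum level for the interim fix
IFIX = "PK02002"           # interim fix APAR named in the bulletin


def parse_version(text):
    """'V5.0.2.10' -> (5, 0, 2, 10); padded so tuples compare numerically."""
    parts = [int(p) for p in text.strip().lstrip("Vv").split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError("unexpected version string: %r" % text)
    return tuple(parts + [0] * (4 - len(parts)))


def triage(host):
    """Return (status, remediation options) for one inventory record."""
    ver = parse_version(host["version"])
    if ver[:2] != (5, 0):
        return ("out_of_scope", [])
    if ver >= FIXED:
        return ("fixed", [])
    if ver >= IFIX_BASE and IFIX in host.get("interim_fixes", ()):
        return ("fixed", [])
    # Exposure needs both conditions: security enabled and the local OS registry.
    exposed = host["security_enabled"] and host["user_registry"] == "LocalOS"
    prefix = "Fix Pack 2 (5.0.2), then " if ver < (5, 0, 2, 0) else ""
    options = [prefix + "Cumulative Fix 11 (5.0.2.11)"]
    if ver >= IFIX_BASE:
        options.append("Interim Fix " + IFIX)
    else:
        options.append(prefix + "Cumulative Fix 5 (5.0.2.5), then Interim Fix " + IFIX)
    return ("exposed" if exposed else "unpatched_not_exposed", options)


SAMPLE_HOSTS = [  # constructed inventory
    {"name": "app01", "version": "5.0.1", "security_enabled": True,
     "user_registry": "LocalOS", "interim_fixes": []},
    {"name": "app02", "version": "5.0.2.10", "security_enabled": True,
     "user_registry": "LocalOS", "interim_fixes": ["PK02002"]},
    {"name": "app03", "version": "5.0.2.3", "security_enabled": True,
     "user_registry": "LDAP", "interim_fixes": []},
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h["name"], *triage(h))
```

Hosts reported as `unpatched_not_exposed` do not meet the bulletin's conditions today but become exposed if the registry is later switched to local OS with security enabled, so they still appear with remediation options.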
Solutions
Fixes are available for IBM WebSphere Application Server as follows:
- For versions 5.0.2.5 through 5.0.2.10,
- For versions 5.0.2.0 through 5.0.2.4,
- For versions 5.0.0.0 through 5.0.1.0,
IBM interim fixes and fix packs are available from the IBM WebSphere Application Server product support
page.
Cross Reference information

| Segment | Product | Component | Platform | Version | Edition |
| --- | --- | --- | --- | --- | --- |
| Application Servers | WebSphere Application Server - Express | Security | AIX, HP-UX, Solaris, Windows | 5.0, 5.0.1, 5.0.2, 5.0.2.1, 5.0.2.10, 5.0.2.2, 5.0.2.3, 5.0.2.4, 5.0.2.5, 5.0.2.6, 5.0.2.7, 5.0.2.8, 5.0.2.9 | Express |
| Application Servers | Runtimes for Java Technology | Java SDK | | | |