Fix (APAR):  PH07036

Status:  Fix

Release:  19.0.0.1

Operating System:  AIX,HP-UX,IBM i,Linux,OS X,Solaris,Windows,z/OS

Supersedes Fixes:  

CMVC Defect:  xxxxxx

Byte size of APAR:  2188238

Date: 2019-02-27

Abstract:  Potential spoofing vulnerability in WebSphere Application Server (CVE-2018-1902)

Description/symptom of problem:  




PH07036 resolves the following problem:

ERROR DESCRIPTION:
Potential spoofing vulnerability in WebSphere Application Server (CVE-2018-1902)

LOCAL FIX:N/A                                             

PROBLEM SUMMARY:
Potential spoofing vulnerability in WebSphere Application Server (CVE-2018-1902)

PROBLEM CONCLUSION:
Vulnerability has been fixed.                                   
                                                                
The fix for this APAR is currently targeted for inclusion in fix
packs 8.5.5.16, 9.0.0.11, and Liberty 19.0.0.3.  Please refer to
the Recommended Updates page for delivery information:          
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 









Directions to apply fix:  Fix applies to Editions:
_X_ Application Server (Express or BASE)
_X_ Network Deployment (ND)
__ Edge Components
_X_ Developer

Install Fix to all WebSphere installations unless special instructions are included below.

Special Instructions: None

NOTE:
The user must:
* Logged in with the same authority level when unpacking a fix, fix pack or refresh pack.
* Be at V1.4.3 or newer of the Installation Manager. Certain iFixes may require a newer version of the Installation Manager and the Installation Manager will inform you during the installation process if a newer version is required.

The IBM Knowledge Center can provide details, if needed, on the use of the Installation Manager to apply the iFixes.
http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp.  Shutdown WebSphere Application Server before applying the iFixes.  Restart WebSphere Application Server after applying the iFixes.









Directions to remove fix:  

The IBM Knowledge Center can provide details, if needed, on the use of the Installation Manager to remove the iFixes.
http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp.  Shutdown WebSphere Application Server before removing the iFixes.  Restart WebSphere Application Server after removing the iFixes.









Directions to re-apply fix:  
1) Shutdown WebSphere Application Server.

2) Follow the Fix instructions to apply the fix.

3) Restart WebSphere Application Server.











Additional Information: