Fix (APAR): PI13162
Status: Fix
Release: 8.5.5.1,8.5.5,8.5.0.2,8.5.0.1,8.5
Operating System: AIX,HP-UX,IBM i,Linux,Mac OS,Solaris,Windows,z/OS
Supersedes Fixes:
CMVC Defect: xxxxxx
Byte size of APAR: 1124861
Date: 2014-03-26

Abstract: Apache Commons FileUpload used by WebSphere Application Server could be vulnerable to a denial of service.

Description/symptom of problem:
PI13162 resolves the following problem:
Apache Commons FileUpload used by WebSphere Application Server could be vulnerable to a denial of service, caused by the improper handling of the Content-Type HTTP header for multipart requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

Directions to apply fix:
1) Shut down WebSphere Application Server.
2) Apply the fix.
   1) Download the fix.
   2) Unzip the file into a new directory specifically for this fix.
   3) Run Installation Manager.
   4) Set up the repository by going to File > Preferences.
   5) Click Add repository and browse to the repository.config in the new directory.
   6) Click OK and close the Preferences panel.
   7) Click Update and select the Package Group corresponding to the WebSphere Extended Deployment Compute Grid Install. Click Next. Select the desired interim fix and proceed to install it.
3) Start WebSphere Application Server.

Directions to remove fix:
NOTE:
* The user must have Administrative rights in Windows, or be the Actual Root User in a UNIX environment.
* IF THE FIX THAT YOU ARE REMOVING IS A PREREQUISITE OF ANOTHER FIX, THEN BOTH FIXES MUST BE REMOVED.
1) Shut down WebSphere Application Server.
2) Start the Installation Manager.
3) Click Uninstall Packages.
4) Select the interim fix and click Next.
5) Click Uninstall.
6) Start WebSphere Application Server.

Directions to re-apply fix:
1) Shut down WebSphere Application Server.
2) Follow the Fix instructions to apply the fix.
3) Start WebSphere Application Server.

Additional Information: