Possible security exposure on WebSphere Application Server Version 4.0.3 and 4.0.4 under specific conditions (APAR PQ68519)
 Flash (Alert)
 
Abstract
Under certain conditions, one user might gain access to the session data of another user. The conditions involve a failed request when using HTTPSession and directing a user between any of the following: two separate virtual hosts sharing a common session database; multiple web applications in the same Application Server; or different web applications on different servers sharing a common session database.
 
Content
This Flash notifies customers of a possible security exposure related to APAR PQ68519.

Versions affected:
WebSphere® Application Server Version 4.0.3 and 4.0.4 are potentially vulnerable. This problem does not occur in Version 4.0.5 or later.

Solution:
A fix is available for WebSphere Application Server Version 4.0.3 and Version 4.0.4 by way of APAR PQ68519 and is delivered in Fix Pack 5 for WebSphere Application Server Version 4.0 (also known as Version 4.0.5) or later.

To download the fix or WebSphere Application Server Fix Pack 4.0.5 or later, go to the WebSphere Application Server support page and search for "PQ68519" or "Fix Pack 4.0.5" or a later fix pack.
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s): Windows
Software version: 4.0.4
Software edition:
Reference #: 1084017
IBM Group: Software Group
Modified date: Sep 14, 2004