Abstract
Under certain conditions, one user might gain access to the session data
of another user. The conditions involve a failed request when using
HTTPSession and directing a user between two separate virtual hosts
sharing a common session database, between multiple web applications in
the same Application Server, or between different web applications on
different servers sharing a common session database.
Content
Possible Security Exposure Flash relative to APAR PQ68519
for notification to customers.
Versions affected:
WebSphere® Application Server Version 4.0.3 and 4.0.4 are potentially
vulnerable. This problem does not occur in Version 4.0.5 or later.
Solution:
A fix is available for WebSphere Application Server Version 4.0.3 and
Version 4.0.4 by way of APAR PQ68519 and is delivered in Fix Pack 5 for
WebSphere Application Server Version 4.0 (also known as Version 4.0.5) or
later.
To download the fix or WebSphere Application Server Fix Pack 4.0.5 or
later, go to the WebSphere Application Server support page and search for
"PQ68519" or "Fix Pack 4.0.5" or a later fix pack.