Fix (APAR): PH17678
Status: Fix
Release: 19.0.0.10
Operating System: AIX,HP-UX,IBM i,Linux,Solaris,Windows,OS X
Supersedes Fixes: PH17331,PH18113
CMVC Defect:
Byte size of APAR: 2612997
Date: 20191021

Abstract: Man in the middle vulnerability in OpenSAML (CVE-2014-3603)

Description/symptom of problem:
PH17678 resolves the following problem:
Man in the middle vulnerability in OpenSAML (CVE-2014-3603)

For installing into a Docker application image based on Liberty images, please review:
https://www-01.ibm.com/support/docview.wss?uid=ibm10961580

Directions to apply fix:

1. Stop your WebSphere Application Server Liberty (WebSphere Liberty) server(s).
2. The following files will be backed up to [LibertyRootDir]/lib/fixes automatically, if they exist (file locations are relative to your WebSphere Liberty install root, and may not exist depending on the installed product edition or configuration of runtime):
   - lib/features/com.ibm.websphere.appserver.samlWeb-2.0.mf
3. Open a console and direct it to the location of your iFix jar.
4. Run the command "java -jar 190010-wlp-archive-IFPH17678.jar". The following launch options are available for the jar:
   --installLocation [LibertyRootDir]
       By default the jar will look for a "wlp" directory in its current location. If your WebSphere Liberty install location is different to "wlp" and/or is not in the same directory as the jar then you can use this option to change where the jar will patch. [LibertyRootDir] can either be relative to the location of the jar or an absolute file path.
   --suppressInfo
       Hides all messages other than confirming the patch has completed or error messages.
5. When you next start your WebSphere Liberty server(s), the fix will become active in your runtime.

Directions to remove fix:

1. Stop your WebSphere Liberty server(s).
2. You will need to delete the following files (file locations are relative to your WebSphere Liberty install root):
   - lib/com.ibm.ws.org.apache.commons.httpclient_1.0.33.cl191020191021-1600.jar
   - lib/com.ibm.ws.org.opensaml.opensaml.2.6.1_1.0.33.cl191020191021-1600.jar
   - lib/fixes/190010-wlp-archive-IFPH17678_19.0.0010.20191021_1936.xml
   - lib/fixes/190010-wlp-archive-IFPH17678_19.0.0010.20191021_1936.lpmf
   - lib/features/com.ibm.websphere.appserver.samlWeb-2.0.mf
3. You will need to restore the static files by extracting the corresponding backup archive from [LibertyRootDir]/lib/fixes (contents of the backup archive are relative to your WebSphere Liberty install root).
4. When you next start your WebSphere Liberty server(s), use the --clean option. The fix will then become inactive in your runtime.

Directions to re-apply fix:

1. Follow the instructions to apply the fix.

Additional Information:
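
The following shell function is an added example, not part of IBM's readme: it reports whether the iFix files named in the removal directions are present under a Liberty install root, and flags a partial state such as an incomplete removal. The function name and return codes are hypothetical, and treating the presence of these four files as "fix applied" is an assumption of the example.

```shell
#!/bin/sh
# Added example: check a Liberty install root for the files of iFix PH17678.
# File names are copied from "Directions to remove fix" above. The feature
# manifest samlWeb-2.0.mf is left out because it also exists without the fix.
# Assumption: these four files are present only while the iFix is installed.

IFIX_FILES='lib/com.ibm.ws.org.apache.commons.httpclient_1.0.33.cl191020191021-1600.jar
lib/com.ibm.ws.org.opensaml.opensaml.2.6.1_1.0.33.cl191020191021-1600.jar
lib/fixes/190010-wlp-archive-IFPH17678_19.0.0010.20191021_1936.xml
lib/fixes/190010-wlp-archive-IFPH17678_19.0.0010.20191021_1936.lpmf'

# ifix_ph17678_status LIBERTY_ROOT   (hypothetical helper name)
# Prints one line per file and returns:
#   0 = all iFix files present
#   1 = none present (fix not applied, or fully removed)
#   2 = some present, some missing (inconsistent install or removal)
#   3 = LIBERTY_ROOT is not a directory
ifix_ph17678_status() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 3; }
    found=0
    missing=0
    # The paths contain no spaces, so splitting the list on whitespace is safe.
    for rel in $IFIX_FILES; do
        if [ -f "$root/$rel" ]; then
            echo "present  $rel"
            found=$((found + 1))
        else
            echo "missing  $rel"
            missing=$((missing + 1))
        fi
    done
    if [ "$missing" -eq 0 ]; then return 0; fi
    if [ "$found" -eq 0 ]; then return 1; fi
    return 2
}

# Usage after sourcing this file, with your own install root as the argument:
#   ifix_ph17678_status [LibertyRootDir]; echo "status=$?"
```

A return code of 2 on a server that uses the samlWeb-2.0 feature is worth investigating before the next start, since the runtime may be loading a mix of patched and unpatched files.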