Fix (APAR):  PH20847

Status:  Fix

Release:  19.0.0.12

Operating System:  AIX,HP-UX,IBM i,Linux,OS X,Solaris,Windows,z/OS

Supersedes Fixes:  

CMVC Defect:  

Byte size of APAR:  2907343

Date: 2020-04-23

Abstract:  Information disclosure in WebSphere Application Server  (CVE-2020-4329)

Description/symptom of problem:  

PH20847 resolves the following problem:

ERROR DESCRIPTION:
Information disclosure in WebSphere Application Server  (CVE-2020-4329)

LOCAL FIX:
                                                                

PROBLEM SUMMARY:
Information disclosure in WebSphere Application Server  (CVE-2020-4329)

PROBLEM CONCLUSION:
The fix for this APAR is currently targeted for inclusion in fix
pack 8.5.5.18, 9.0.5.4, and Liberty 20.0.0.5.  Please refer to the Recommended Updates page for
delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980




Directions to apply fix:  
        1. Open a console and direct it to the location of your iFix jar
        2. Run the command "java -jar 190012-wlp-archive-IFPH20847.jar". The following launch options
        are available for the jar:

        --installLocation [LibertyRootDir] by default the jar will look for a "wlp" directory
        in its current location. If your WebSphere Liberty install
        location is different to "wlp" and/or is not in the same
        directory as the jar then you can use this option to change
        where the jar will patch. [LibertyRootDir] can either be
        relative to the location of the jar or an absolute file path.

        --suppressInfo hides all messages other than confirming the
        patch has completed or error messages.

        3. Stop your WebSphere Liberty server(s).
        4. When you next start your WebSphere Liberty server(s), the fix will become active in your runtime.







Directions to remove fix:  
        1. Stop your WebSphere Liberty server(s).
        2. You will need to delete the following files (file locations are
        relative to your WebSphere Liberty install root):

         - lib/com.ibm.ws.webcontainer_1.1.35.cl191220200116-1507.jar
         - lib/fixes/190012-wlp-archive-IFPH20847_19.0.0012.20200116_1859.xml
         - lib/fixes/190012-wlp-archive-IFPH20847_19.0.0012.20200116_1859.lpmf

        3. When you next start your WebSphere Liberty server(s), the fix will become inactive in your runtime.







Directions to re-apply fix:  
        1. Follow the instructions to apply the fix.







Additional Information: