Security Vulnerability with JavaServer Faces 2.0 portlet application
PI30579 resolves the following problem:
ERROR DESCRIPTION:
WebSphere Application Server could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to resources located within the JavaServer Faces (JSF) 2.0 portlet application. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information
LOCAL FIX:
PROBLEM SUMMARY:
The JSF 2.0 portlet bridge needs to be updated to restrict access to resources within JSF 2.0 portlet application
PROBLEM CONCLUSION:
The JSF 2.0 Portlet bridge was updated to restrict access to resources within JSF 2.0 portlet application
Please review the readme.txt for detailed installation instructions.
[{"INLabel":"Readme","INLang":"US English","INSize":"2664","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI30579/8.0.0.8/readme.txt"},{"INLabel":"Readme_8.5.5.2","INLang":"US English","INSize":"2666","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI30579/8.5.5.2/readme.txt"},{"INLabel":"Readme_8.5.5.4","INLang":"US English","INSize":"2735","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI30579/8.5.5.4/readme.txt"},{"INLabel":"Readme_8.5.5.3","INLang":"US English","INSize":"2572","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI30579/8.5.5.3/readme.txt"}]
On
[{"DNLabel":"8.0.0.8-WS-WAS-IFPI30579","DNDate":"02-20-2015","DNLang":"US English","DNSize":"268124","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.8-WS-WAS-IFPI30579&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.2-WS-WAS-IFPI30579","DNDate":"2 Mar 2015","DNLang":"US English","DNSize":"268733","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.2-WS-WAS-IFPI30579&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.4-WS-WAS-IFPI30579","DNDate":"16 Apr 2015","DNLang":"US English","DNSize":"268935","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.4-WS-WAS-IFPI30579&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.3-WS-WAS-IFPI30579","DNDate":"11 Dec 2015","DNLang":"US English","DNSize":"269139","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.3-WS-WAS-IFPI30579&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.5.5.4;8.5.5.3;8.5.5.2;8.0.0.8","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]