Download
Abstract
Potential security exposure with the JAX-WS WS-Security runtime and the Timestamp element
Download Description
PM16014 resolves the following problem:
ERROR DESCRIPTION:
When the WS-Security policy for a JAX-WS application specifies
a Timestamp element, there is a potential risk of a security
exposure.
LOCAL FIX:
na
PROBLEM SUMMARY
USERS AFFECTED:
IBM WebSphere Application Server users of
WS-Security enabled JAX-WS applications
utilizing Timestamp.
JAX-RPC applications are not impacted.
PROBLEM DESCRIPTION:
When using a WS-Security enabled JAX-WS web service application,
if the WS-Security policy specifies 'IncludeTimestamp', there
is a potential risk of security exposure.
WS-Security enabled JAX-RPC web service applications are not
impacted.
RECOMMENDATION:
Install a fixpack that includes this APAR.
PROBLEM CONCLUSION:
The JAX-WS WS-Security runtime is updated to eliminate the
potential security exposure.
After an fixpack or an ifix containing this APAR is
applied, the WS-Security runtime might reject SOAP messages
with an error related to the Timestamp element. If this
problem occurs, ensure that the WS-Security policy for
both the consumer and provider match.
For more information about the use of Timestamp in
WebSphere WS-Security and the precautions that should be
taken, refer to the following WebSphere Application Server
Information Center document on the Timestamp element:
The fix for this APAR is currently targeted for inclusion in
fix pack 7.0.0.13. Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
Please download the UpdateInstaller below to install this fix.
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24027709