Ispravljen je novi sigurnosni propust vezan uz IBM WebSphere Application Server koji napadačima omogućuje izvođenje napada uskraćivanja (eng. Denial of Service).

Fix (APAR):  PM42458

Status:  Fix

Release:  8.0

Operating System:  AIX,HP-UX,IBM i,Linux,Solaris,Windows,z/OS

Supersedes Fixes:  

CMVC Defect:  708975

Byte size of APAR:  113399

Date: 2011-07-07

Abstract:  NullPointerException thrown from process detection bundle when installing a product and interim fix together.

Description/symptom of problem:  
PM42458 resolves the following problem:

ERROR DESCRIPTION:                                              
A NullPointerException is thrown from the process detection     
bundle when installing a product and an interim fix together.   
You have to install the product and the interim fix at 2        
different times in order to workaround this issue.              

LOCAL FIX:                                                      

PROBLEM SUMMARY

USERS AFFECTED:
 All users of IBM WebSphere Application
Server who install the product and interim
fix together with a clean Installation
Manager appdata location.

PROBLEM DESCRIPTION:
NullPointerException thrown from
process detection bundle when
installing a product and interim fix
together.

RECOMMENDATION:
None

If you launch Installation Manager and specify a new appdata
location, and then install both the WebSphere Application
Server product and interim fixes together, the install fails
and a NullPointerException is thrown from the process detection
bundle.

PROBLEM CONCLUSION:                                             
Process detection bundle now caches the install location from   
IProfile obtained from Installation Manager to prevent any      
changes in the return value of the install location obtained    
from IProfile.                                                  
                                                                
The fix for this APAR is currently targeted for inclusion in    
fix packs 8.0.0.1 and 7.0.0.19.  Please refer to the            
Recommended Updates page for delivery information:              
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980   
                                                                
This fix is also available for V8.0 via interim fix PM42458.    


Directions to apply fix:  Fix applies to Editions:
Release 8.0
_X_ Application Server (Express or BASE)
_X_ Network Deployment (ND)
__ Edge Components
_X_ Developer

Install Fix to all WebSphere installations unless special instructions are included below.

Special Instructions: None

NOTE:
The user must:
* Logged in with the same authority level when unpacking a fix, fix pack or refresh pack.
* Be at V1.4.3 or newer of the Installation Manager. Certain iFixes may require a newer version of the Installation Manager and the Installation Manager will inform you during the installation process if a newer version is required.

The IBM Information Center can provide details, if needed, on the use of the Installation Manager to apply the iFixes.
http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp.  Shutdown WebSphere Application Server before applying the iFixes.  Restart WebSphere Application Server after applying the iFixes.

Directions to remove fix:  

The IBM Information Center can provide details, if needed, on the use of the Installation Manager to remove the iFixes.
http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp.  Shutdown WebSphere Application Server before removing the iFixes.  Restart WebSphere Application Server after removing the iFixes.

Directions to re-apply fix:  
1) Shutdown WebSphere Application Server.

2) Follow the Fix instructions to apply the fix.

3) Restart WebSphere Application Server.



Additional Information: