Fixes are available
APAR status
Closed as program error.
Error description
When security is not enabled, someone might be able to retrieve more information about a servlet than expected.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server Version * * 8.5 Liberty profile users without security * * enabled. * **************************************************************** * PROBLEM DESCRIPTION: Request information is able to be * * retrieved when the security feature * * is not enabled. * **************************************************************** * RECOMMENDATION: * **************************************************************** Request information is able to be retrieved when the security feature is not enabled.
Problem conclusion
The code was modified to protect request information when the security feature is not enabled. The fix for this APAR is currently targeted for inclusion in fix pack 8.5.0.1. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM73027
Reported component name
LIBERTY PROFILE
Reported component ID
5724J0814
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-09-17
Closed date
2012-10-10
Last modified date
2012-10-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
LIBERTY PROFILE
Fixed component ID
5724J0814
Applicable component levels
R850 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
29 October 2021