A parameter path to the Rational Directory Server help documentation causes an error message response from the server with HTTP ERROR 500 debug information displayed in the browser.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID:CVE-2013-0599
**Description:**A parameter path to the Rational Directory Server help documentation causes an error message response from the server with HTTP ERROR 500 debug information displayed in the browser.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83613>
CVSS Environmental Score:* Undefined
CVSS Vector: (AV:N/AC:L/AU:N/C:P/I:N/A:N)
RDA versions 5.2.1 (and earlier) and 5.1.1.2 (and earlier) are affected due to this vulnerability.
Upgrade to one of the following releases:
WORKAROUND:
Download and extract the rds-help.war file: <http://download.boulder.ibm.com/ibmdl/pub/software/rationalsdp/documentation/war/rds-help.war_1.0.0.I20130508_1017.zip>
RDA with Apache Tomcat Server. 5.2.0.2 (or earlier) and 5.1.1.1 (or earlier):
<RDS\RDA install location>\WebAccessServer\apache-tomcat-x.0.xx\bin\catalina.bat stop
2. Navigate to the war file located in the RDS/RDA install location. Windows:
<RDS\RDA install location>\WebAccessServer\apache-tomcat-x.0.xx\webapps UNIX / Linux:
<RDS/RDA install location>/WebAccessServer/apache-tomcat-x.0.xx/webapps``
`
3. Delete/backup the following:
_file: _rds-help.war * _directory: _rds-help
Replace with the rds-help.war download.
Start the WebAccessServer
Windows:
<RDS\RDA install location>\WebAccessServer\Start_RDAWebServer.bat
UNIX / Linux:
`<RDS/RDA install location>/WebAccessServer/Start_RDAWebServer.sh ``
`
RDA with WebSphere Application Server. 5.2.1 (or later) and 5.1.1.2 (or later):
<RDS\RDA install location>\WebAppsServer\RDAWebAppServer.bat stop
2. Navigate to the war file located in the RDS/RDA install location. Windows:
<RDS\RDA install location>\WebAppsServer\WLP_8.5.x.0\usr\servers\defaultServer(apps Or dropins)
UNIX / Linux:
<RDS/RDA install location>/WLP_8.5.x.0/usr/servers/defaultServer/(apps Or dropins)
``_
_`
3. Delete/backup the following:
**
Replace with the rds-help.war download.
Start the WebAppsServer
Windows:
<RDS\RDA install location>\WebAppsServer\RDAWebAppServer.bat start
UNIX / Linux:
<RDS/RDA install location>/WebAppsServer/RDAWebAppServer.sh start
The latest rds-help.war file is now installed which does not have the security vulnerabilities.