Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with WebSphere Process Server (CVE-2015-7450, CVE-2015-2017, CVE-2015-4872, CVE-2015-4734, CVE-2015-5006)

Summary

WebSphere Application Server is shipped as a component of WebSphere Process Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins.

Vulnerability Details

Please consult the security bulletins

• Security Bulletin: HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)
• Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2015 CPU (CVE-2015-4872, CVE-2015-4734, CVE-2015-5006)
• Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450)

for vulnerability details and information about fixes.

Affected Products and Versions

• WebSphere Process Server 7.0.x
• WebSphere Process Server Hypervisor Editions V7.0

General support for WebSphere Process Server ended 2015-04-30. Hypervisor editions were in support until 2015-09-30. You are strongly advised to upgrade to a supported product such as IBM Business Process Manager Advanced Edition.

Workarounds and Mitigations

None