Jun 16, 2018 - 10:03 p.m.

Security Bulletin: A security vulnerability has been identified in IBM Websphere Application Server shipped with IBM Security/Tivoli Directory Server (CVE-2017-1503)

2018-06-16 22:03:51
www.ibm.com

CVSS3: 6.1 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2: 4.3 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Summary

IBM WebSphere Application Server is shipped as a component of IBM Security/Tivoli Directory Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please see the following security bulletin for vulnerability details:
Security Bulletin: WebSphere Application Server Edge Caching Proxy may be vulnerable to HTTP response splitting (CVE-2017-1503)

Affected Products and Versions

Affected Product and Version(s) | Product and Version shipped as a component
---|---
IBM Security Directory Server Version 6.4 | IBM WebSphere Application Server Version 8.5.0.0 through 8.5.5.12
IBM Security Directory Server Version 6.3.1 and Tivoli Directory Server Version 6.3 | IBM WebSphere Application Server Version 7.0.0.0 through 7.0.0.43

Remediation/Fixes

For V8.5.0.0 through 8.5.5.12:

  • Upgrade to 8.5.5.11 fix pack level then apply Interim Fix PI82587
    -- OR
  • Upgrade to 8.5.5.12 fix pack level then apply Interim Fix PI82587
    -- OR
  • Apply Fix Pack 13 (8.5.5.13), or later (targeted availability 5 February 2018).

For V7.0.0.0 through 7.0.0.43:

  • Upgrade to a minimum of 7.0.0.41 fix pack level then apply Interim Fix PI82587
    -- OR
  • Apply Fix Pack 45 (7.0.0.45), or later (targeted availability 2Q 2018).
