Fix (APAR): PI13162
Status: Fix
Release: 8.0.0.3,8.0.0.2,8.0.0.1,8.0
Operating System: AIX,HP-UX,IBM i,Linux,Solaris,Windows,i5/OS,z/OS
Supersedes Fixes:
CMVC Defect: xxxxxx
Byte size of APAR: 1310899
Date: 2014-03-26

Abstract: Apache Commons FileUpload used by WebSphere Application Server could be vulnerable to a denial of service.

Description/symptom of problem:

PI13162 resolves the following problem:

Apache Commons FileUpload used by WebSphere Application Server could be vulnerable to a denial of service, caused by the improper handling of the Content-Type HTTP header for multipart requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

Directions to apply fix:

Install fix to:
__ Application Server Nodes
__ Deployment Manager Nodes
_x_ Both

NOTE: The user must:
* Log in with the same authority level when unpacking a fix, fix pack or refresh pack.
* Use Installation Manager to apply the fix.

1) Shut down WebSphere Application Server.

2) Apply the fix. The fix can be applied in 1 of 2 ways (2a and 2b).

   2a) Allow Installation Manager to download the fix from the repository (Recommended)

       1) Run Installation Manager.
       2) Set up the repository by going to File > Preferences.
       3) Click Add repository and add http://9.181.87.153/software/websphere/repositories/repository.config
       4) Click OK and close the Preferences panel.
       5) Click Update and select the Package Group corresponding to the WebSphere Application Server V7.0 Feature Pack for XML Install. Click Next.
       6) Select the desired interim fix and proceed to install it.

   2b) If Installation Manager cannot download the fix due to firewall access or for some other reason, you can download the fix manually.

       1) Download the fix by navigating to: http://9.181.87.153/software/websphere/downloads/xml/service/1.0/fixes and then navigating down through the directories for the specific fix.
       2) Unzip the file into a new directory specifically for this fix.
       3) Run Installation Manager.
       4) Set up the repository by going to File > Preferences.
       5) Click Add repository and browse to the repository.config in the new directory.
       6) Click OK and close the Preferences panel.
       7) Click Update and select the Package Group corresponding to the WebSphere Application Server Feature Pack for XML Install. Click Next.
       8) Select the desired interim fix and proceed to install it.

3) Start WebSphere Application Server.

Directions to remove fix:

NOTE:
* The user must have Administrative rights in Windows, or be the Actual Root User in a UNIX environment.
* IF THE FIX THAT YOU ARE REMOVING IS A PREREQUISITE OF ANOTHER FIX, THEN BOTH FIXES MUST BE REMOVED.

1) Shut down WebSphere Application Server.
2) Start the Installation Manager.
3) Click Uninstall Packages.
4) Select the interim fix and click Next.
5) Click Uninstall.
6) Start WebSphere Application Server.

Directions to re-apply fix:

1) Shut down WebSphere Application Server.
2) Follow the Fix instructions to apply the fix.
3) Start WebSphere Application Server.

Additional Information: