
There is an XML External Entity Injection (XXE) vulnerability in the Apache Standard Taglibs that affects IBM WebSphere Application Server. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is a potential information disclosure vulnerability in Admin Center for IBM WebSphere Application Server Liberty. There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project.

CVE(s): CVE-2015-0254, CVE-2016-2945, CVE-2016-0389, CVE-2016-0359, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176, CVE-2016-2108

Affected product(s) and affected version(s):

All vulnerabilities affect the following versions and releases of IBM WebSphere Application Server:

  • Version 8.5.5 Liberty

Only CVE-2015-0254, CVE-2016-0359 and the OpenSSL vulnerabilities affect the following versions and releases of IBM WebSphere Application Server:

  • Version 8.5.5 Full Profile

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/298lF7v
X-Force Database: http://ift.tt/1syxSqm
X-Force Database:
X-Force Database: http://ift.tt/28XVZcG
X-Force Database: http://ift.tt/28YBUiZ
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
X-Force Database: http://ift.tt/1VjTr9i



from IBM Product Security Incident Response Team http://ift.tt/298ma1h