IBM WebSphere Application Server Predictable Session ID Vulnerability

IBM WebSphere Application Server Predictable Session ID Vulnerability

Solution:
This issue was resolved in IBM WebSphere Application Server 4.0(and later) and any information about patching these versions should be disregarded.

The vendor has released a patch which addresses this issue.

IBM Websphere Application Server 3.0 .2.2

IBM E-fix PQ47663V302
http://www-4.ibm.com/software/webservers/appserv/efix_new.html

IBM Websphere Application Server 3.0 .2.3

IBM E-fix PQ47663V302
http://www-4.ibm.com/software/webservers/appserv/efix_new.html

IBM WebSphere Application Server Advanced Edition 3.0 .2.1

IBM E-fix PQ47663V302
http://www-4.ibm.com/software/webservers/appserv/efix_new.html

IBM Websphere Application Server 3.0 .2.4

IBM E-fix PQ47663V302
http://www-4.ibm.com/software/webservers/appserv/efix_new.html

IBM Websphere Application Server 3.5.1

IBM E-fix PQ47663V302
http://www-4.ibm.com/software/webservers/appserv/efix_new.html

IBM Websphere Application Server 3.5.2

IBM E-fix PQ47663V302
http://www-4.ibm.com/software/webservers/appserv/efix_new.html

IBM Websphere Application Server 3.5.3

IBM E-fix PQ47663V302
http://www-4.ibm.com/software/webservers/appserv/efix_new.html