WebSphere and loathing in New York: IBM yanks buggy application server security fix from admins

IBM has withdrawn a patch for a significant security vulnerability in its WebSphere Application Server after the code knackered some systems. Just this week, Big Blue said it is working on a new fix for CVE-2018-1567, a remote-code execution vulnerability in versions 9.0, 8.5, 8.0, and 7.0 of the platform. The bug has received …

  1. eldakka Silver badge

    Patched server, or working server. Pick one...

    Well a non-working server is a secure server at least.

  2. david bates

    Due to regression

    Yes lads. There's a whole phase of testing that's supposed to cover that....I wonder what went wrong....

    1. The Pi Man

      Re: Due to regression

      Probably weren’t enough customers to test it for them?

    2. GnuTzu

      Re: Due to regression -- Non-API

      As a development platform, what is the chance that web applications had been built to a bug, and IBM simply didn't have a regression test for that bug? Then again, I haven't WebSphere API documentation for over a decade, and I don't remember how good it is. The point being that when API documentation is weak, developers are forced to fidget to figure out how things work, and that's one of the reasons developers sometimes code to a bug rather than the actual API.

  3. Anonymous Coward

    Who still uses WebSphere?

    Seriously - anyone?

    1. Anonymous Coward

      Re: Who still uses WebSphere?

      Why do you think IBM offers outsourcing? To get their staff to "support" their dying products.

      There's only so much golf, booze, luxury accommodation and people of negotiable value that an exec can be exposed to. And unfortunately for IBM, that is significantly less than the amount required to get a mentally capable exec to support the rollout of WebSphere or Notes. That's also the reason IBM pitch to government departments....

    2. Anonymous Coward

      Re: Who still uses WebSphere?

      *meekly raises hand from the back*

      Not by my choosing, of course. Rest assured if you run any enterprise software that IBM had anything to do with ever, they tried to cram WebSphere, UrbanCode, and RTC into it. And probably NetBEUI and Token Ring, too.

      Here's an amusing tale: according to this article, the fscked security patch was released on September 5th. I wasn't actually notified about the availability of said patch until October 8th. I don't know whether to be furious or relieved by IBM's tardiness in issuing security advisories for its products.

