Zero content-length POST body is occasionally sent by Internet Explorer 6 clients after installing Microsoft® security update MS04-004 or the 821814 Hotfix.

Technote (FAQ)
Problem
Internet Explorer (IE) 6 clients communicating over secure socket layers (SSL) transport have observed "HTTP 500 internal server error" messages returned to the browser after installing the Microsoft security update 832894 (MS04-004) or the 821814 Hotfix on the client machine.
Cause
Internal or external clients using the Microsoft IE 6 browser to connect to a Web server with SSL, might occasionally receive the "HTTP 500 internal server error" after installing Microsoft security update 832894 (MS04-004) or the 821814 Hotfix. Usually, this message occurs after form data is filled in and submitted for processing.

Analysis
Analysis of several plugin traces have shown the following pattern:

TRACE: lib_htrequest: htrequestWrite: Writing the request:
TRACE: POST /MyApp/MyServlet HTTP/1.1
TRACE: accept: image/gif, image/x-xbitmap, image/jpeg, */*
TRACE: referer:https: //www.mycompany.com/MyApp/MyPreviousServlet
TRACE: accept-language: en-us
TRACE: content-type: application/x-www-form-urlencoded
TRACE: accept-encoding: gzip, deflate
TRACE: user-agent: Mozilla/4.0 (MSIE 6.0; Windows 98; .NET CLR 1.1.4322)
TRACE: host: www.mycompany.com
TRACE: connection: Keep-Alive
TRACE: cache-control: no-cache
TRACE: cookie: JSESSIONID=0001XDC3RO2Y2WZ1OCZOTYX1NOZ:v32r1ral
TRACE: content-length: 0
TRACE: $WSCS: RC4-128
TRACE: $WSIS: true
TRACE: $WSSC: https
TRACE: $WSPR: HTTP/1.1
TRACE: $WSRA: 10.10.10.2
TRACE: $WSRH: 10.10.10.2
TRACE: $WSSN: www.mycompany.com
TRACE: $WSSP: 443
TRACE: $WSSI: S0cfsXtuwnRx01sgrt=
TRACE: ws_common: websphereExecute: Wrote the request; reading the response

The WebSphere plug-in received data from the client, communicating over SSL. The request has the Content-Length set to zero (or the HTTPS POST requests did not have a body), and the HTTP header is being set by the client to the IE 6 browser.

The client browser is responsible for sending correct and complete data to the Web server, which does not happen in this case. A TCP/IP trace confirmed the analysis from the plug-in trace.
Solution
Microsoft Knowledge Base Article - 831167 describes the following:

Programs that use Wininet functions to post data, such as a user name or password, to a Web server retry the POST request with a blank header if the Web server closes or resets the initial connection request.

This behavior can be caused by Microsoft 832894 security update or by the Microsoft 821814 Hotfix.

Microsoft Knowledge Base Article - 831167 also states that the solution for this problem is to install the KB831167 fix.

This Microsoft IE 6 patch must be installed on Windows® client machines using IE 6 browsers.











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Plug-in
Operating system(s): AIX, HPUX, Linux, Multi-Platform, Solaris, Windows
Software version: 3.5, 4.0, 4.1, 5.0, 5.1
Software edition: Edition Independent
Reference #: 1165399
IBM Group: Software Group
Modified date: 2004-04-06