PQ97125: CAN-2004-0942 IS A DENIAL OF SERVICE EXPOSURE
APAR status
Closed as fixed if next.

Error description
CAN-2004-0942 is a denial of service exposure in all levels of IHS >= 2.0. It can allow remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

Local fix
This problem will be resolved with the e-fix for PQ94389. It will be resolved in a future PTF, if any.

Problem summary
Length checking on input MIME headers did not account for space characters used at fold points, allowing a large amount of storage to be allocated while parsing input data.

Problem conclusion

Temporary fix

Comments
This APAR is being closed as Fixed IF Next. There is a deficiency that we currently plan to fix if there is another release. E-fix PQ94389 will be made available to resolve this problem.
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
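The length check described in the Problem summary, as an added C example that is not IBM HTTP Server code: a per-field accumulator that charges every received byte, fold whitespace included, against the field limit before storing anything. `FIELD_LIMIT`, `field_acc`, `acc_add_line` and `accepted_folds` are names and values assumed for this example, and the input is constructed.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_LIMIT 8190u   /* assumed per-field cap for this example */
enum { ACC_OK = 0, ACC_TOO_LARGE = -1, ACC_NOT_FOLD = -2 };

typedef struct {
    char   buf[FIELD_LIMIT + 1]; /* unfolded field value */
    size_t len;                  /* bytes stored in buf */
    size_t raw;                  /* bytes received for this field, folds included */
} field_acc;

static void acc_start(field_acc *a) { a->len = a->raw = 0; a->buf[0] = '\0'; }

/* Add one line (CRLF already stripped) to the field being assembled. */
static int acc_add_line(field_acc *a, const char *line, size_t n, int folded)
{
    size_t ws = 0;
    if (folded) {
        while (ws < n && (line[ws] == ' ' || line[ws] == '\t')) ws++;
        if (ws == 0) return ACC_NOT_FOLD;  /* continuation must start with SP/HTAB */
    }
    /* Charge all n received bytes before storing anything. A check on
       n - ws alone would leave the fold whitespace uncounted. */
    if (n > FIELD_LIMIT - a->raw) return ACC_TOO_LARGE;
    a->raw += n;
    if (folded) a->buf[a->len++] = ' ';    /* a fold unfolds to a single space */
    memcpy(a->buf + a->len, line + ws, n - ws);
    a->len += n - ws;
    a->buf[a->len] = '\0';
    return ACC_OK;
}

/* Constructed input: one short header line, then continuation lines made of
   `pad` spaces plus one byte. Returns how many continuations were accepted. */
static size_t accepted_folds(size_t pad)
{
    static char line[FIELD_LIMIT + 2];
    field_acc a;
    size_t count = 0;
    if (pad > FIELD_LIMIT) pad = FIELD_LIMIT;
    memset(line, ' ', pad);
    line[pad] = 'b';
    acc_start(&a);
    if (acc_add_line(&a, "X-Test: a", 9, 0) != ACC_OK) return 0;
    while (acc_add_line(&a, line, pad + 1, 1) == ACC_OK) count++;
    return count;
}
```

Because the stored length never exceeds the charged length, the fixed buffer cannot overflow and the work done per field stays bounded no matter how the padding is spread across fold points.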
Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > Runtime
Operating system(s):
Software version: 10I
Software edition:
Reference #: PQ97125
IBM Group: Software Group
Modified date: Nov 16, 2004
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.