APAR status
Closed as program error.
Error description
ESI/plugin serves cached secure content.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: Users of WebSphere Application Server *
* plug-in ESI caching processor. *
****************************************************************
* PROBLEM DESCRIPTION: Application Server plug-in ESI caching *
* processor creates the cache objects *
* containing requesting method and *
* incoming URL information, regardless *
* of which transferring protocol is *
* used. Therefore, the response *
* transferred over HTTPS could be *
* cached and served for the same HTTP *
* request, which could pose a security *
* hole. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
HTTPS responses were cached and served for HTTP request.
Problem conclusion
WebSphere plug-in ESI processor will only serve cached HTTPS
response for the same HTTPS requests.
Temporary fix Comments
APAR information |
APAR number |
PQ89034 |
Reported component name |
WAS NETWRK DEPL |
Reported component ID |
5630A3601 |
Reported release |
00S |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2004-05-19 |
Closed date |
2004-07-12 |
Last modified date |
2004-07-12 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|