Possible Security Exposure after applying WebSphere Application Server 5.1.1.7 or 5.0.2.14.
 Flash (Alert)
 
Abstract
If you have applied WebSphere Application Server Fix Pack 7 for 5.1.1 (5.1.1.7) or Fix Pack 14 for 5.0.2 (5.0.2.14), you must apply mandatory fix PK14478 to resolve possible IO Errors that may have security exposure implications.
 
Content
Problem Description:
Frequent "IOException: Read timed out" messages in the error or trace logs, especially from HttpRequest.finish().

After applying 5.1.1.7 or 5.0.2.14, you may observe a spate of IO Errors. This may have possible security exposure implications. The errors you see may look like this:


java.net.SocketTimeoutException: Read timed out
java.net.SocketInputStream.socketRead0(Native Method)
java.net.SocketInputStream.read(SocketInputStream.java:153)
com.ibm.ws.io.Stream.read(Stream.java:17)
com.ibm.ws.io.ReadStream.read(ReadStream.java:181)
com.ibm.ws.http.ContentLengthInputStream.read(ContentLengthInputStream.java:48)
WASRUN read timed out SocketTimeoutException
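
A log triage check for the symptom described above, as an added example that is not part of the IBM advisory: it groups each "Read timed out" exception with its stack frames and counts the ones that pass through the HTTP transport frame shown in the trace. The sample log is constructed, and the com.example.app class names in it are hypothetical.

```python
import re

# Frame copied from the trace in the advisory: the HTTP transport's body reader.
TRANSPORT_FRAME = "com.ibm.ws.http.ContentLengthInputStream.read"
FINISH_MARKER = "HttpRequest.finish"  # method the advisory names; its package is not given there

HEAD = re.compile(r"(?:SocketTimeoutException|IOException): Read timed out")
# "pkg.Class.method(File.java:NN)" or "(Native Method)"; whitespace before "(" covers wrapped frames.
FRAME = re.compile(r"([\w.$<>]+)\s*\((?:[\w$]+\.java:\d+|Native Method)\)")
# A trace ends at a blank line or at a line that reports another exception.
END = re.compile(r"\n[ \t]*\n|\n[^\n]*(?:Exception|Error)(?::|[ \t]|$)", re.M)

def read_timeouts(text):
    """Return one list of frame names per 'Read timed out' exception in text."""
    traces = []
    for chunk in HEAD.split(text)[1:]:
        block = END.split(chunk, maxsplit=1)[0]
        traces.append([m.group(1) for m in FRAME.finditer(block)])
    return traces

def triage(text):
    """Count read timeouts and how many of them match the advisory's symptom."""
    traces = read_timeouts(text)
    transport = [t for t in traces if TRANSPORT_FRAME in t]
    return {
        "read_timeouts": len(traces),
        "http_transport": len(transport),
        "via_finish": sum(any(FINISH_MARKER in f for f in t) for t in transport),
    }

# Constructed sample: one trace with the advisory's frames, one unrelated client timeout.
SAMPLE_LOG = """\
java.net.SocketTimeoutException: Read timed out
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:153)
    at com.ibm.ws.io.Stream.read(Stream.java:17)
    at com.ibm.ws.http.ContentLengthInputStream.read
(ContentLengthInputStream.java:48)

java.net.SocketTimeoutException: Read timed out
    at java.net.SocketInputStream.socketRead0(Native Method)
    at com.example.app.BackendClient.fetch(BackendClient.java:42)
java.lang.NullPointerException
    at com.example.app.Report.render(Report.java:7)
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A high "http_transport" count on a server at 5.1.1.7 or 5.0.2.14 matches the condition this flash describes; timeouts that never reach the transport frame are counted separately so ordinary client-side timeouts do not inflate the result.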


Problem Conclusion:
The processing in HttpRequest.finish() has been changed to ensure that the HTTP headers from the current request are cleaned up.

Versions Affected:

Versions affected    Version problem is fixed    APAR
V5.0.2.14            V5.0.2.15                   PK14478
V5.1.1.7             V5.1.1.8                    PK14478

Solution:
Fixes are available for IBM WebSphere Application Server as follows:
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > HTTP Transport
Operating system(s): z/OS
Software version: 5.1.1.7
Software edition:
Reference #: 1222818
IBM Group: Software Group
Modified date: Jun 27, 2006