|
Problem |
A possible security exposure has been identified in Web
servers using IBM® WebSphere® Application Server Version 4.0 release
plug-ins and HTTP requests with large headers, documented in APAR
PQ62144. |
|
Solution |
IBM has identified a potential security exposure in Web
servers using IBM WebSphere Application Server plug-ins where an HTTP
request with large headers could potentially crash the Web server.
Versions affected:
IBM WebSphere Application Server Versions 4.0.1, up to and including
v4.0.3, on all platforms, may be affected by this exposure.
The problem does not occur in IBM WebSphere Application Server Version
v4.0.4 or later.
Solution:
The interim APAR fix is available for IBM WebSphere Application Server
Version v4.0 releases via APAR PQ62144, and is also delivered in the Fix
Pack 4 for IBM WebSphere Application Server Version 4.0 (also knowns as
4.0.4).
To download the interim APAR fix PQ62144 or WebSphere Application Server
Fix Pack 4.0.4 (or later):
- Go to http://www.ibm.com/software/webservers/appserv/was/support/
- Search for "PQ62144" or "Fix Pack 4.0" and download the latest 4.0.x
Fix Pack of 4.0.4 or later.
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
IBM HTTP Server |
Not Applicable |
AIX, HPUX, Linux, Sun Solaris, Windows 2000, Windows NT |
1.3.19, 1.3.19.1, 1.3.19.2 |
All Editions |
|
|
|
|