PQ66381: AFTER PQ60145 UNAUTHENTICATED USER'S ARE AUTHENTICATE USING DATAFROM ANOTHER USER'S REQUEST

 A fix is available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)



APAR status
Closed as program error.

Error description
A user requests an authenticated URL from the browser.
nother request for an unauthenticated URL is made via
elnet.  WebSphere does not treat the second request as
an anonymous user.  What should be an anonymous user is treated
as the last authenticated user to hit the site.
Local fix
Build eFix
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server Users of the    *
*                 4.0.4 WebContainer                           *
****************************************************************
* PROBLEM DESCRIPTION: Unauthenicated user's are being         *
*                      authenicated using data from another    *
*                      user's request.                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When Basic Authentication is on, unsecured requests are
using the user authentication information from a previous
authenticated request.
Problem conclusion
Request headers are being cleared after each request so the
information can't be reused.
Temporary fix Comments
APAR information
APAR number PQ66381
Reported component name WEBSPHERE AE SO
Reported component ID 5630A2202
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-09-19
Closed date 2002-09-23
Last modified date 2002-09-25

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
ENGINE          

SRLS

Fix information
Fixed component name WEBSPHERE AE SO
Fixed component ID 5630A2202

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ66381
IBM Group: Software Group
Modified date: Sep 25, 2002