PQ62249: WEBSPHERE PLUGIN CAUSES DR. WATSON ERRORS IN IHS

 A fix is available

PQ62144, 4.0.3: Possible security exposure with Web server plug-in



APAR status
Closed as program error.

Error description
When we add the following two lines to the http.conf file,
the Dr. Watson error returns.

-----------------------------------
LoadModule ibm_app_server_http_module
D:/WebSphere/AppServer/bin/mod_ibm_app_server_http.dll

WebSpherePluginConfig D:\WebSphere\AppServer\config\plugin-cfg.
xml
-----------------------------------

Without the two lines, JSPs are not processed.

What seems to kick off the Dr. Watson is a pollinog from
another server that does this (taken from the HTTP access
log):  "HEAD / HTTP/1.0" 200 0
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server version 4.0     *
*                 users of the IBM Http Server and Apache      *
*                 webserver plugins.                           *
****************************************************************
* PROBLEM DESCRIPTION: The webserver will periodically trap    *
*                      when a request with no host header      *
*                      is sent and the plugin-cfg.xml          *
*                      contains a non wild carded virtual      *
*                      host definition.                        *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When the host header wasn't sent, the plugin would attempt to
do a strcmp (string compare) on a NULL pointer if a non wild
carded virtual host was being used.  This would result in a trap
in the webserver process.
Problem conclusion
Prevent the server from trapping in this testcase by using
localhost for the server name if the host header isn't sent.
Temporary fix Comments
APAR information
APAR number PQ62249
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-06-13
Closed date 2002-07-23
Last modified date 2002-07-23

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
PLUGIN          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ62249
IBM Group: Software Group
Modified date: Jul 23, 2002