Possible security exposure with Web servers running with IBM WebSphere Application Server Version 4.0 release plug-ins (APAR PQ62144 and Fix Pack 4.0.4)
 Technote (FAQ)
 
Problem
A possible security exposure has been identified in Web servers using IBM® WebSphere® Application Server Version 4.0 release plug-ins and HTTP requests with large headers, documented in APAR PQ62144.
 
Solution
IBM has identified a potential security exposure in Web servers using IBM WebSphere Application Server plug-ins where an HTTP request with large headers could potentially crash the Web server.

Versions affected:

IBM WebSphere Application Server Versions 4.0.1 through 4.0.3 (inclusive), on all platforms, may be affected by this exposure.

The problem does not occur in IBM WebSphere Application Server Version 4.0.4 or later.

Solution:

The interim APAR fix is available for IBM WebSphere Application Server Version 4.0 releases via APAR PQ62144, and is also delivered in Fix Pack 4 for IBM WebSphere Application Server Version 4.0 (also known as 4.0.4).

To download the interim APAR fix PQ62144 or WebSphere Application Server Fix Pack 4.0.4 (or later):
  1. Go to http://www.ibm.com/software/webservers/appserv/was/support/
  2. Search for "PQ62144" or "Fix Pack 4.0" and download the latest 4.0.x Fix Pack (4.0.4 or later).
 
 
Cross Reference information
Segment: Application Servers
Product: IBM HTTP Server
Component: Not Applicable
Platform: AIX, HPUX, Linux, Sun Solaris, Windows 2000, Windows NT
Version: 1.3.19, 1.3.19.1, 1.3.19.2
Edition: All Editions
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Plug-in
Operating system(s): Windows
Software version: 4.0.3
Software edition:
Reference #: 1053738
IBM Group: Software Group
Modified date: Mar 31, 2006