PQ80924: WEBSPHERE PLUG-IN DOES NOT HANDLE BACKSLASH CHARACTER IN COOKIE VALUE OF THE HTTP REQUEST

 Fixes are available

PQ86603: IBM HTTP Server V2.0.x mod_alias/mod_rewrite conflict with V5.0 plug-in
4.0.2-4.0.7: Plug-in component cumulative fix
5.0.2.7: WebSphere Application Server Express 5.0.2 Cumulative Fix 7
5.1.1: WebSphere Application Server Version 5.1 Fix Pack 1 (Version 5.1.1)
5.0.2.12: WebSphere Application Server 5.0.2 Cumulative Fix 12
5.0.2.13: WebSphere Application Server 5.0.2 Cumulative Fix 13
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for AIX
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Solaris
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for HP-UX
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Windows
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Linux
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Windows
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Solaris
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for AIX
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Linux
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for HP-UX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for HP-UX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for AIX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Solaris
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Windows
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for AIX
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for HP-UX
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Windows
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Solaris
5.0.2.8: WebSphere Application Server V5.0.2 Cumulative Fix 8
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for HP-UX
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for AIX
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Solaris
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Windows
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Linux
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Windows
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Solaris
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for HP-UX
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Linux
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for AIX



APAR status
Closed as program error.

Error description
WebSphere plug-in does not handle backslash character in cookie
value of the HTTP request.
.
For example, if cookie is set to alpesh=alpesh\\alpesh, in the
plug-in trace is printed this information of the http header
that is later sent to the AppServer (what is wrong):
TRACE:    Set-Cookie: alpesh=alpesh\alpesh
.
The same problem occurs in the latest Cumulative plug-in fix
for WebSphere 4.0.2-4.0.6, dated Oct 1, 2003
.
This problem very likely occurs also in WebSphere 5.0.x plug-ins
.
This problem very likely occurs also in WebSphere 5.1 plug-ins
Local fix
Not available.
Problem summary
****************************************************************
* USERS AFFECTED: Users of WAS Plug-in for iPlanet or SunOne   *
*                 webserver.                                   *
****************************************************************
* PROBLEM DESCRIPTION: Plug-in did not parse the escaped       *
*                      backslash included in the string that   *
*                      contained the request headers.  As a    *
*                      result, double backslashes were sent    *
*                      to appservers.                          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Plug-in sent double backslashes to appservers.
Problem conclusion
Plug-in now parses escaped backslash from string that contains
the request headers.
Temporary fix Comments
APAR information
APAR number PQ80924
Reported component name WEBSPHERE AE SO
Reported component ID 5630A2202
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-11-13
Closed date 2003-11-20
Last modified date 2004-09-16

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
plugin          

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ80924
IBM Group: Software Group
Modified date: Sep 16, 2004