PM52754: SHIP FMID HHAP700 COMPID 5655I3510 - Z/OS IBM HTTP SERVER FOR WEBSPHERE (POWERED BY APACHE) FIX PACK 7.0.0.21

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• z/OS IBM HTTP Server for WebSphere (powered by Apache) Fix Pack
  7.0.0.21
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED:  All users of IBM HTTP Server V7.0           *
  *                  (powered by Apache) for z/OS                *
  ****************************************************************
  * PROBLEM DESCRIPTION: This APAR addresses various defects     *
  *                      in IBM HTTP Server V7.0 on z/OS         *
  *                      (powered by Apache)                     *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  This APAR fixes the following defects in IBM HTTP Server V7.0
  (powered by Apache) for z/OS
  
  APAR    Description
  ------- --------------------------------------------------------
  PM44816 Provide end-to-end timeouts for slow requests
  PM46234 CVE-2011-3192: Potential DoS with malicious range
          requests
  PM43037 ProxyPass broken due to ebcdic to ascii translation
          issue with interim response headers
  PM43354 No error message for rotatelogs syntax errors
  PM44635 IHS returns 500 instead of 401 for a revoked SAF userid
  PM45618 IHS threads can hang in ldap_bind() without any timeout
  PM47429 IHS mod_ldap fails at runtime with 'SSL support failed
          initialization'
  PM47852 mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when
          the method is not recognized. (CVE-2011-3348)
  PM48384 Potential pattern expansion problem when mod_proxy and
          mod_rewrite are used together.
          (CVE-2011-3368, CVE-2011-3639, CVE-2011-4317)
  PM50426 Potential buffer overflow and high memory usage in IBM
          HTTP Server. (CVE-2011-3607)
  *** NOTE ***
  Additional information about the APARs listed above can be found
  in RETAIN or by using the APAR search facility located at URL:
  http://www.ibm.com/software/webservers/appserv/was/support/
  to search on the APAR number.
  

Problem conclusion

• This APAR fixes various defects in IBM HTTP Server V7.0
  (powered by Apache) for z/OS.  It is currently targeted for
  inclusion in Service Level (Fix Pack) 7.0.0.21 of IBM HTTP
  Server V7.0
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UK74974

Fix information

• Fixed component name

  WAS IHS ZOS

• Fixed component ID

  5655I3510

Applicable component levels

• R700 PSY UK74974

     UP12/01/13 P F201

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.