IBM Support

IJ21690: TEP EMBEDDED BROWSER COMPONENT USING OUT-OF-DATE USER-AGENT REQUEST HEADER STRING

A fix is available

IBM Tivoli Monitoring 6.3.0 Fix Pack 7 Service Pack 5 (6.3.0.7-TIV-ITM-SP0005)

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Environment:  TEP - all supported platforms and deployment
modes.

Problem Description:
The TEP client uses an embedded browser component named
WebRenderer, which is licensed from
JadeLiquid. When communicating with a web server, this component
is sending the following
User-Agent request header string:

"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0) Gecko/20100101
Firefox/4.0"

The version of Firefox referenced in the string above is no
longer supported. ITM customers are
now configuring their Web servers and associated proxies (e.g.,
firewalls) to inspect this User-Agent
value to ensure that the identified User-Agent complies with
their security requirements.

Local fix

  • See SF case TS003108762 for instructions on how to re-configure
the TEP client to update the  User-Agent request header string
using a supported system property.

Related Files and Output:  /ecurep/sf/TS003/108/TS003108762/

Problem summary

  • TEP EMBEDDED BROWSER COMPONENT USING OUT-OF-DATE USER-AGENT


The TEP client uses an embedded browser component library to
communicate
with web servers.  This component is sending the following
User-Agent string
in the request header:

"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0) Gecko/20100101
Firefox/4.0"

The version of 'Firefox' referenced in the string above is no
longer supported by Mozilla.  ITM customers are
now configuring their Web servers and associated proxies (e.g.,
firewalls) to inspect this User-Agent
value to ensure that the identified User-Agent complies with
their security requirements.  Because the value of this
User-Agent string implies
an non-supported version (with possible security
vulnerabilities), customer
Web servers and associated proxies are disallowing successful
connections between
the TEP browser view and the servers managing the web content.

Problem conclusion

  • The User-Agent string was updated to reflect a more current
level:

"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101
Firefox/71.0"


The fix for this APAR is contained in the following maintenance
packages:

   | service pack | 6.3.0.7-TIV-ITM-SP0005

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ21690
    • 

  • Reported component name
    TEP
    • 

  • Reported component ID
    5724C04EP
    • 

  • Reported release
    630
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-12-17
    • 

  • Closed date
    2020-07-30
    • 

  • Last modified date
    2020-07-30
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    TEP
    • 

  • Fixed component ID
    5724C04EP
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"630","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            08 March 2023
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback